[Owasp-testing] OSSTMM manual
pete at isecom.org
Tue Jan 23 04:33:38 EST 2007
The image is over-simplified. There are applications for services that are
not on the web: i.e., for finger, dns, ldap, smtp, pop, etc., for which the
OSSTMM does have tests. It should say "web applications", right?
Pete Herzog - Managing Director - pete at isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool
Teacher certification authority.
Dinis Cruz wrote:
> That image is actually a good one, can you put a variation of it on the
> It also shows exactly why there should be some references to the OSSTMM in
> the Guide
> On 1/19/07, *Matteo Meucci* <matteo.meucci at gmail.com
> <mailto:matteo.meucci at gmail.com>> wrote:
> 1) OWASP and OSSTMM are complementary: the first focuses on Web
> Application Security, the second focuses on System and Network
> I agree with Eoin, the Testing Guide is more practical.
> As you can see in the attachment (I don't know if that will be
> eliminated by the mail server), Raoul Chiesa and I talked about that
> at the IDC Banking Forum 2005.
> 2) OSSTMM cites OWASP in their methodology for the Web Application
> Security field because it doesn't go deeply into this argument.
> 3) ISSAF is similar to our Testing Guide, but once again this is not
> totally focused on Web Application Security and the approach is
> 4) Testing Guide Version 2.1
> As PDP has suggested to me, I'd like to create a new chapter on Client
> side Testing: Flash, Java, etc. Nowadays Web 2.0 moves a part of the
> application to the client side.
> On 1/19/07, Jeff Williams < jeff.williams at aspectsecurity.com
> <mailto:jeff.williams at aspectsecurity.com>> wrote:
> > >  Previous versions of the OWASP documents used the
> > > GFDL license. I've never seen the reasoning behind the license
> > > Anyone care to point me to it?
> > The CC Attribution Share-Alike
> (http://creativecommons.org/licenses/by-sa/2.5/) was designed by
> Lawrence Lessig precisely for wiki content. The basic idea is that
> you can reference the material to the licensor without having to
> attribute back to all of the original authors (which could be very
> > It suits our work at OWASP very well. The GFDL is large and
> complex and wasn't really designed for a wiki (see
> > --Jeff
> > _______________________________________________
> > Owasp-testing mailing list
> > Owasp-testing at lists.owasp.org <mailto:Owasp-testing at lists.owasp.org>
> > http://lists.owasp.org/mailman/listinfo/owasp-testing
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> OWASP Testing Guide AoC lead