[Owasp-testing] Testing Guide 3 dot OH!

Rudy Ruiz roodee at thummy.com
Thu May 17 12:14:55 EDT 2007

I agree. Workflow and process management is a significant cause of failed

I do have a question on version two. On page 31 there is an excellent
workflow diagram. My concern may be more philosophical, but penetration
testing is placed in the deployment phase. While this is a reflection of the
present reality, I think the previous part of the document makes a case for
testing early. The last 25% of the development phase is an excellent place
to perform a penetration test. When unit and integration testing are
complete (or even earlier) and there is a functional application running in
a test or certification environment this could also be a point in the
workflow where testing can (and should IMHO) begin. In the deployment phase
construction/coding is done. As a result, implementing changes after a code
freeze or a push to production is quite the challenge in some environments.
A test or certification environment although volatile offers a path to
fixing issues prior to deployment. To ease the pain that is caused by a
dynamic environment such as dev or test, a certification environment offers
the relative stability and opportunity to submit defects and see them
corrected prior to deployment.


On 5/17/07, Daniel Cuthbert <daniel.cuthbert at owasp.org> wrote:
> Now that 2.0 is out, who wants to talk about version 3?
> The way i see it is that we need to take the spectacular efforts from
> 1.0 -> 2.0 and make 3.0 into a fully fledged adult which not only
> explains the technical side but also includes aspects that many
> guides often forget about, such as:
> - Managing security testing teams
> - Working with UAT and change control
> - Managing expectations
> Thoughts?
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20070517/141dcfee/attachment-0001.html 

More information about the Owasp-testing mailing list