[Owasp-testing] editorial changes to intro
Marco M. Morana
marco.m.morana at gmail.com
Thu Jul 17 07:36:06 EDT 2008
As I read your comments I think you reviewed the introduction of vs 2. Did
you also review the new additions on the testing methodology of vs 3. If so
I will be happy to address changes.
I saw comments related to vs 3 additions of the methodology from Rick
Under "Developers' Security Tests" the following sentence doesn't read
clearly but I'm not 100% sure what the author was trying to say so I haven't
edited it: "A security unit testing framework might consist on a place
holder for security test cases and used to wrap the functions, methods and
classes that need to be security tested." Rick.mitchell 11:06, 15 July 2008
I will change the text and simplify and elaborate.
Also for the other parts that you addressed:
* Is there a format for citations/references?
* Threat modeling in Testing Techniques Explained refers to a detailed
threat modeling methodology in part 2. Does this really exist?
* The part on automated tools being bad at finding vulnerabilities
should probably be clarified (Mindset paragraph in principles)
I can provide changes to address threat modeling for testing and tools being
bad to find vulnerabilities.
I think this are in vs 2 so I did not commit to change this part of my
re-writing, just let me know.
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Marco Cova
Sent: Wednesday, July 16, 2008 2:03 PM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] editorial changes to intro
I've started to do a batch of editorial changes to the intro chapter
of the testing guide. My plan is to finish with the intro by tonight,
wait for reactions, and, depending on those, back off or go on with
other sections of the guide :-)
The changes are mostly editorial: they try to streamline, reorganize,
and clarify the text, (mostly) without adding new content.
I'm trying to document the changes in the talk section of the page:
Of course, feel free to ask me if you have any
questions/comments/criticism, or to revert back to the previous
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-testing