[Owasp-testing] Are the Risk Rating Wiki Pages Broken?

Christian Heinrich christian.heinrich at cmlh.id.au
Thu Aug 29 01:49:58 UTC 2013


Pete,

On Wed, Aug 28, 2013 at 7:22 PM, Pete Herzog <lists at isecom.org> wrote:
> The Robots thing has been in the OSSTMM since version 1. So it is in
> the OSSTMM App Sec methodology. But thanks. I'll look into the other
> things you sent but I won't be able to answer by Sept 3. I will get to
> you as soon as possible.

If this is the case then Ty (or "Pure Hacking) are more than welcome
to provide the reason for this perceived deficiency in their delivery
of the OSSTMM prior to December 2011 i.e.
http://www.smh.com.au/it-pro/security-it/telstra-customer-database-exposed-20111209-1on60.html
and their continued failure after [I assume] "Pure Hacking" to correct
this deficiency in their continued application of the OSSTMM from
December 2011 through to May 2013 i.e.
http://www.smh.com.au/it-pro/security-it/oops-google-search-reveals-private-telstra-customer-data-20130516-2jnmw.html

Also, can you send the relevant quote from the OSSTMM (a release which
is available to the public without a paid subscription) to me so I can
include a reference to it within the
https://www.owasp.org/index.php/Testing:_Spiders,_Robots,_and_Crawlers_(OWASP-IG-001)
 please?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


More information about the Owasp-testing mailing list