[Owasp-testing] Probably missing heading in PDF of OWASP Testing Guide v4

Hookings, Stephen stephen.hookings at sap.com
Fri Oct 31 16:45:54 UTC 2014


Me again

Fascinating read. So I wonder if on PDF page 20/224 there should be a heading?

Last paragraph bottom left:

Threat modeling tools such as threat trees and attack libraries can
be useful to derive the negative test scenarios. A threat tree will
assume a root attack (e.g., attacker might be able to read other users'
messages) and identify different exploits of security controls
(e.g., data validation fails because of a SQL injection vulnerability)
and necessary countermeasures (e.g., implement data validation
and parametrized queries) that could be validated to be effective
in mitigating such attacks.
Deriving Security Test Requirements Through Use and Misuse
Cases
A prerequisite to describing the application functionality is to ..

I suspect "Deriving Security Test Requirement Through Use and Misuse Cases" is a heading?

Sorry to be nit-picky ... honestly I am about to incur the wrath of my Mrs for not getting ready to go out tonight ... this OWASP has got to be a pretty darn good read for me to risk what would make even Kirk's arch enemy look like a <insert most politically correct thing here!>

Regards
Steve Hookings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20141031/25e10169/attachment-0001.html>


More information about the Owasp-testing mailing list