Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: Open Source Methodologies for Application Testing
From: Pete Herzog <lists () isecom org>
Date: Mon, 14 Jan 2008 23:00:24 +0100
Hi,

Take a look at SCARE (www.isecom.org/scare) which is for measuring the 
security complexity of source code but the concept still applies.  We use 
that as a framework also for application tests as well.  It's from the 
OSSTMM 3.0 so the concepts are very new but it really helps you test for 
the size of an application's attack surface and the controls in place. You 
may want to take a look at it.

Sincerely,
-pete.


Adriel Desautels wrote:

Greetings,
    I am aware that methodologies like the OSSTMM and OWASP exist, but 
are there any similar methodologies for performing assessments against 
applications like Microsoft Office, etc? I haven't done much searching 
so if the answer is obvious then I apologize in advance.


------------------------------------------------------------------------

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]