Home page logo

webappsec logo WebApp Sec mailing list archives

Re: what happened to the web testing methodology
From: Mads Rasmussen <mads () opencs com br>
Date: Wed, 16 Jun 2004 10:53:14 -0300

Glyn Geoghegan wrote:
Much of the technical content from the original guide has been/is being
edited and integrated into the forthcoming new ones.

Yes that's noticeable, I still think though that the original document had a more methodology feeling to it though by no means anything finished.

You have no idea how many requests I have received for Endlers original document, it was released as a methodology. The two testing documents that you currently are working on bears no such title nor objective if I have understood it correctly.

It's difficult to do a methodology, but I think it would be fruitful to begin such a document after we have the two testing documents in house.

Part 1 is still kind of confuse I think, what is its objective? I see it as an introduction to testing web applications but it doesn't say much.

Part 2 on the other hand I understand will be what to test for and how.

In my opinion, only when these two documents are finished, a methodology can be established.

The versions around before the project was paused (0.7, 0.6) were still very
much in the pre-production phase (as I'm sure you'll see from the swathes of
yellow highlights and margins full of 'must write this bit'!).

Yes very much so

Congratulations on your session guide btw, very nice work!

Mads Rasmussen, M.Sc.
Open Communications Security
+55 11 3345 2525

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]