From: Mark Curphey (markcurphey.com)
Date: Tue Jan 08 2002 - 00:12:35 CST


    So what should be in a testing framework ?

    Does anyone have any good testing framework documents or methodologies that
    they want to share ?

    This is our first take at things that should be included.

    Why Test ?

    Due Diligence
    Against Requirements
    Against Standards

    What to Test ?

    Defining Objectives
    Domain Analysis
    Modeling Security
    Attack Trees
    Predictive Threat Modeling

    How to test ?

    Planning a Test
    Types of Testing
    White-box
    Black-box
    White-box vs Black-Box
    Glass-Box

    Types of Tools

    Automated HTTP Agents
    Source Code Analysers
    The Browser
    Socket Spies
    Sniffers
    Proxies

    Testing Specific Problems

    List of problems and how to test for them here

    Analyzing Results

    Validating Results
    Identifying False Positives
    Problem Chaining

    Reporting

    Sample Reports
    Meaningful Impact Statements

    So what's missing or should be included ?