|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dawes, Rogan (ZA - Johannesburg) (rdawes
deloitte.co.za)Date: Wed Jan 09 2002 - 01:04:00 CST
>
> So what should be in a testing framework ?
>
> Does anyone have any good testing framework documents or
> methodologies that
> they want to share ?
>
> This is our first take at things that should be included.
>
[...]
>
> Testing Specific Problems
>
> List of problems and how to test for them here
Is this not simply the full list of Attack Components?
>
> Analyzing Results
>
> Validating Results
> Identifying False Positives
This is a very important section!
> Problem Chaining
i.e. What happens if we combine two or more low level vulnerabilities? do we
get a bigger problem?
>
> Reporting
>
> Sample Reports
> Meaningful Impact Statements
>
>
> So whats missing or should be included ?
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]