OSEC

From: James Fleming (jamesfleming94588yahoo.com)
Date: Wed Jan 09 2002 - 11:42:27 CST


    From what I read of the attack components they were
    technical attacks. I guess you could argue that a
    testing framework should also include tests for
    excessive admins or things like appropriate
    authorization levels.

    --- "Dawes, Rogan (ZA - Johannesburg)"
    <rdawesdeloitte.co.za> wrote:
    > >
    > > So what should be in a testing framework ?
    > >
    > > Does anyone have any good testing framework documents or
    > > methodologies that they want to share?
    > >
    > > This is our first take at things that should be included.
    > >
    >
    > [...]
    > >
    > > Testing Specific Problems
    > >
    > > List of problems and how to test for them here
    >
    > Is this not simply the full list of Attack
    > Components?
    > >
    > > Analyzing Results
    > >
    > > Validating Results
    > > Identifying False Positives
    >
    > This is a very important section!
    >
    > > Problem Chaining
    >
    > i.e. What happens if we combine two or more low-level
    > vulnerabilities? Do we get a bigger problem?
    > >
    > > Reporting
    > >
    > > Sample Reports
    > > Meaningful Impact Statements
    > >
    > >
    > > So what's missing or should be included?
    > >
    > >
