From: Mark Curphey (mcurphey onebox.com)
Date: Fri Jan 11 2002 - 13:04:22 CST
As you know, we are starting to build the testing framework....we are
going to capture the mailing list debate and thoughts, so want your input.
We'll then publish it for community review and input.
One of the areas that seems really important is what to test. I put
some provisional headings down at http://www.owasp.org/projects/testing/
Imaginary scenario: you are presented with a site DNS name and asked
to review the security of the applications running on it.
Where do you start?
Do you spider the site looking for any place that sends parameters to
an application?
How do you find where applications reside?
What about web services and WSDL? Do you look at a UDDI?
Should you test an application in isolation (i.e. a single CGI) or all applications
on that site?
These are just a few thoughts, really just a few...
So does anyone want to share the way they approach deciding what should
be tested with the list?