[WEB SECURITY] Formal Pentesting 'test plan/s' projects?

robert at webappsec.org robert at webappsec.org
Mon Jul 20 17:31:53 EDT 2009


Is anyone aware of a project/initiative for the creation of security test plans for use by penetration testers?
Yes threat modeling (in some form) would be utilized to narrow down what should be tested for, but I'm curious if there are any
formalized approaches to this anywhere. To be clear this would be utilized to ensure a certain minium set of attacks
and weaknesses were assessed, and not as a set of things ONLY to check for.

Regards,
- Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list