[WEB SECURITY] Formal Pentesting 'test plan/s' projects?

Vance, Michael Michael.Vance at salliemae.com
Mon Jul 20 16:53:44 EDT 2009


Something more technical, more comprehensive, or in some other way different from NIST SP 800-115?

http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

-Michael

-----Original Message-----
From: robert at webappsec.org [mailto:robert at webappsec.org] 
Sent: Monday, July 20, 2009 5:32 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Formal Pentesting 'test plan/s' projects?

Is anyone aware of a project/initiative for the creation of security test plans for use by penetration testers?
Yes, threat modeling (in some form) would be utilized to narrow down what should be tested for, but I'm curious if there are any
formalized approaches to this anywhere. To be clear, this would be utilized to ensure a certain minimum set of attacks
and weaknesses were assessed, and not as a set of things ONLY to check for.

Regards,
- Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

