[WEB SECURITY] Formal Pentesting 'test plan/s' projects?
Vance, Michael
Michael.Vance at salliemae.com
Mon Jul 20 16:53:44 EDT 2009
Something more technical, more comprehensive, or in some other way different from NIST SP 800-115?
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
-Michael
-----Original Message-----
From: robert at webappsec.org [mailto:robert at webappsec.org]
Sent: Monday, July 20, 2009 5:32 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Formal Pentesting 'test plan/s' projects?
Is anyone aware of a project/initiative for the creation of security test plans for use by penetration testers?
Yes, threat modeling (in some form) would be utilized to narrow down what should be tested for, but I'm curious if there are any
formalized approaches to this anywhere. To be clear, this would be utilized to ensure a certain minimum set of attacks
and weaknesses were assessed, and not as a set of things ONLY to check for.
Regards,
- Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA