[WEB SECURITY] Formal Pentesting 'test plan/s' projects?

robert at webappsec.org robert at webappsec.org
Mon Jul 20 18:01:28 EDT 2009


That document doesn't cover the assessment plans in much depth; however, it does reference
http://csrc.nist.gov/publications/nistpubs/800-53A/SP800-53A-final-sz.pdf which I've just started
reading (381 pages!).

Ideally I'm looking for something more lightweight than 381 pages (maybe 20-50) but will review it
nonetheless :)

- Robert
> 
> Something more technical, more comprehensive, or in some other way different
> from NIST SP 800-115?
> 
> http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
> 
> -Michael
> 
> -----Original Message-----
> From: robert at webappsec.org [mailto:robert at webappsec.org]
> Sent: Monday, July 20, 2009 5:32 PM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Formal Pentesting 'test plan/s' projects?
> 
> Is anyone aware of a project/initiative for the creation of security test plans
> for use by penetration testers?
> Yes, threat modeling (in some form) would be utilized to narrow down what should
> be tested for, but I'm curious if there are any
> formalized approaches to this anywhere. To be clear, this would be utilized
> to ensure a certain minimum set of attacks
> and weaknesses were assessed, and not as a set of things ONLY to check for.
> 
> Regards,
> - Robert A.
> http://www.webappsec.org/
> http://www.cgisecurity.com/
> http://www.qasec.com/
> 
> 
> 
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
> 
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> 
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> 
> This E-Mail has been scanned for viruses.
> 

