Difference between revisions of "Project Information:template Testing Guide 3.0 - Final Review - Second Reviewer - F"

 
(5 intermediate revisions by one user not shown)
Line 18: Line 18:
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Testing Project v3 Roadmap|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Testing Project v3 Roadmap|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
|-
 
 
The project team accomlished all of it's tasks in a timely manner.
 
The project team accomlished all of it's tasks in a timely manner.
 +
|-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Testing Project v3 Roadmap|'''the assumed ones''']], please quantify in terms of percentage.
 
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Testing Project v3 Roadmap|'''the assumed ones''']], please quantify in terms of percentage.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
|-
 
 
100%
 
100%
 +
|-
 +
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
3. Please do use the right hand side column to provide advice and make work suggestions.
 
3. Please do use the right hand side column to provide advice and make work suggestions.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
My concern was with the flow of the language as you move from section to section. This, of course, is a direct byproduct of having different authors for different sections and thier different writing styles.  In a couple of spots it made the guide a little  "disjointed" in it's style and delivery. should this be addressed in a future project or ongoing update?
 +
 +
Likewise, Some authors offered detailed samples of using tools and syntax to test for the vulnerability while others offered general discriptions of how to test.  As we move forward perhaps we could look at standardizing this by maybe adding a detailed sample test that could address each vulnerability. 
 +
 +
Or, another code project moving forward would be to create a test checklist based on the testing guide.  I think it would be of benefit to many, including those new to web application pen testing.
 
  |-
 
  |-
My concern was with the flow of the language as you move from section to section. This, of course, is a direct by product of different authors for different sections and thier different writing styles.  In a couple  of spots it made the guide a little  "disjointed" in it's style. Likewise, Some authors offered detailed samples of using tools and syntax to test for the vulnerability while others offered general discriptions of how to test.  As we move forward perhaps we could look at adding a detailed sample test that could address each vulnerability. 
 
Or, another code project moving forward would be to create a test checklist based on the testing guide.  I think it would be of benefit to many including those new to web application pentesting.
 
 
  | style="width:25%; background:white" align="center"|'''PART II'''  
 
  | style="width:25%; background:white" align="center"|'''PART II'''  
 
  | colspan="2" style="width:75%; background:white" align="left"|
 
  | colspan="2" style="width:75%; background:white" align="left"|
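Review bot: The answer text added for question 3 still carries the spelling and grammar slips of the removed paragraph and adds one: "thier", "discriptions", "it's" used as a possessive, "Likewise, Some", and the new closing question starts in lower case ("should this be addressed..."). Since this revision already rewrites the answer and moves it ahead of the `|-` row separator so that it sits inside the answer cell, those slips could be corrected in the same edit.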
Line 45: Line 49:
 
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
 
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
|-
 
 
None that I know of.
 
None that I know of.
 +
|-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
|-
 
 
None
 
None
 +
|-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
I concur with Nam.  A pdf document and a presentation are still needed.
 
  |-   
 
  |-   
I concur with Nam.  A pdf document and a presentation are still needed. 
 
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
4. Please do use the right hand side column to provide advice and make work suggestions.
 
4. Please do use the right hand side column to provide advice and make work suggestions.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
|}
 
|}

Latest revision as of 13:28, 21 October 2008


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Testing Project V3.0 Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

The project team accomplished all of its tasks in a timely manner.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

100%

3. Please do use the right hand side column to provide advice and make work suggestions.

My concern was with the flow of the language as you move from section to section. This, of course, is a direct byproduct of having different authors for different sections and their different writing styles. In a couple of spots it made the guide a little "disjointed" in its style and delivery. Should this be addressed in a future project or ongoing update?

Likewise, some authors offered detailed samples of using tools and syntax to test for the vulnerability while others offered general descriptions of how to test. As we move forward perhaps we could look at standardizing this by maybe adding a detailed sample test that could address each vulnerability.

Or, another code project moving forward would be to create a test checklist based on the testing guide. I think it would be of benefit to many, including those new to web application pen testing.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

None that I know of.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

None

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

I concur with Nam. A PDF document and a presentation are still needed.

4. Please do use the right hand side column to provide advice and make work suggestions.