Dailydave mailing list archives
Re: Open Source Methodologies for Application Testing
From: Pete Herzog <lists () isecom org>
Date: Mon, 14 Jan 2008 23:00:24 +0100
Hi, Take a look at SCARE (www.isecom.org/scare) which is for measuring the security complexity of source code but the concept still applies. We use that as a framework also for application tests as well. It's from the OSSTMM 3.0 so the concepts are very new but it really helps you test for the size of an application's attack surface and the controls in place. You may want to take a look at it. Sincerely, -pete. Adriel Desautels wrote:
Greetings, I am aware that methodologies like the OSSTMM and OWASP exist, but are there any similar methodologies for performing assessments against applications like Microsoft Office, etc? I haven't done much searching so if the answer is obvious then I apologize in advance. ------------------------------------------------------------------------ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Open Source Methodologies for Application Testing Adriel Desautels (Jan 14)
- Re: Open Source Methodologies for Application Testing Pete Herzog (Jan 14)