WebApp Sec mailing list archives
Re: Defining scope of web application pentest (now scope of an annual medical exam)
From: "Andy Steingruebl" <steingra () gmail com>
Date: Wed, 12 Dec 2007 20:14:37 -0800
On Dec 12, 2007 7:42 PM, Clement Dupuis <cdupuis () cccure org> wrote:
Good day Andy, I totally agree with you that saving life and saving data is very different. The point was not to map to an exact profession but more to illustrate that whenever you deal with someone who provides a services and offer such service, you expect they have the skills and the ability to render the service.
I wasn't just arguing the categories are different, more that medicine isn't quite standardized either. Of course if they misdiagnose you, you can sue them. If a pen-tester doesn't find a major flaw, your mileage may vary if you decide to pursue litigation. That said, formality and repeatability is a good thing in testing, I encourage folks to check out the OWASP testing project as a way to more formally go about this sort of activity. http://www.owasp.org/index.php/Category:OWASP_Testing_Project -- Andy Steingruebl steingra () gmail com ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Defining scope of web application pentest Vishal Garg (Dec 08)
- RE: Defining scope of web application pentest Marco M. Morana (Dec 08)
- RE: Defining scope of web application pentest (now scope of an annual medical exam) Clement Dupuis (Dec 12)
- Re: Defining scope of web application pentest (now scope of an annual medical exam) Andy Steingruebl (Dec 14)
- RE: Defining scope of web application pentest (now scope of an annual medical exam) Clement Dupuis (Dec 14)
- Re: Defining scope of web application pentest (now scope of an annual medical exam) Andy Steingruebl (Dec 14)
- RE: Defining scope of web application pentest (now scope of an annual medical exam) Clement Dupuis (Dec 12)
- RE: Defining scope of web application pentest (now scope of an annual medical exam) Vishal Garg (Dec 14)
- RE: Defining scope of web application pentest Marco M. Morana (Dec 08)
- RE: Defining scope of web application pentest Debasis Mohanty (Dec 15)