Penetration Testing mailing list archives
RE: Web App Complexity Metrics / Scoping a Web App
From: "Debasis Mohanty" <debasis.mohanty.listmails () gmail com>
Date: Tue, 31 Mar 2009 08:56:06 +0530
You may like to take a look at - TA-Mapper: Application Penetration Testing Effort Estimator http://www.coffeeandsecurity.com/resources/tools/tamapper.aspx In addition, do take a look at the excel file included which talks about the quantitative approach towards effort estimation and might give you some pointers. -d -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jonathan Cran Sent: 26 March 2009 00:14 To: pen-test () securityfocus com Subject: Web App Complexity Metrics / Scoping a Web App Since we're on the topic of metrics, I'd like to throw out this question: How are you currently scoping web applications for review? I'm trying to come up with a better way to measure the complexity of applications (and thus, the time required to test). I'd like to keep it as simple as possible. Here's what I've got so far: - How many backend components are involved? (Database / Middle Tier) - Does the application have a web services interface? - Are client-side - javascript - flash - or other RIA technologies used for business logic? - How many static pages? - How many dynamic pages? What other metrics are you using to scope application assessments? jcran jcran () 0x0e org ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- RE: Web App Complexity Metrics / Scoping a Web App Debasis Mohanty (Apr 03)
- <Possible follow-ups>
- RE: Web App Complexity Metrics / Scoping a Web App Debasis Mohanty (Apr 03)