[Dailydave] Open Source Methodologies for Application Testing

Pete Herzog lists at isecom.org
Mon Jan 14 17:00:24 EST 2008


Hi,

Take a look at SCARE (www.isecom.org/scare) which is for measuring the 
security complexity of source code but the concept still applies.  We use 
that as a framework for application tests as well.  It's from the 
OSSTMM 3.0 so the concepts are very new but it really helps you test for 
the size of an application's attack surface and the controls in place. You 
may want to take a look at it.

Sincerely,
-pete.


Adriel Desautels wrote:
> Greetings,
>     I am aware that methodologies like the OSSTMM and OWASP exist, but 
> are there any similar methodologies for performing assessments against 
> applications like Microsoft Office, etc? I haven't done much searching 
> so if the answer is obvious then I apologize in advance.