WebApp Sec mailing list archives
Re: webapp audit and forensics
From: crazy frog crazy frog <i.m.crazy.frog () gmail com>
Date: Fri, 21 Oct 2005 10:11:41 +0530
hi, oswp having some info on it.u can also read the webapp testing cheat sheet.get it here:- http://www.secguru.com/web_application_testing_cheatsheet regards, ---------------- crazy frog On 10/20/05, Griffiths, Ian <Ian.Griffiths () liv-coll ac uk> wrote:
Have you conducted an audit on a similar scale in the past? Do you have a plan of exactly what you would like to test and the sum of how long each of those tests will last? Are you prepared to lose the work if the client is not prepared to spend your hourly rate multiplied by this figure? Second one is easier - of course you should charge if nothing is found. I personally would ensure that they are clear on what this means - that during your tests you didn't see anything. I wouldn't write them a letter congratulating them on the fact they have no issues whatsoever. Ian -----Original Message----- From: Serg Belokamen [mailto:serg.belokamen () gmail com] Sent: 20 October 2005 04:02 To: Andrew van der Stock Subject: webapp audit and forensics However I do need to know the figure asap. Also, should the client be charged if no vaulnarabilities are detected.
-- ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :)
Current thread:
- webapp audit and forensics Serg Belokamen (Oct 19)
- <Possible follow-ups>
- RE: webapp audit and forensics Griffiths, Ian (Oct 20)
- Re: webapp audit and forensics crazy frog crazy frog (Oct 20)
- Re: webapp audit and forensics Dhruv Soi (Oct 22)
- webapp audit and forensics Serg B. (Oct 24)
- Re: webapp audit and forensics crazy frog crazy frog (Oct 20)
- RE: webapp audit and forensics Jason Gregson (Oct 20)
- Re: RE: webapp audit and forensics f_kenisky (Oct 20)