  • Sruthi Pakanati thinks this is interesting:

  • What have you learned about the application?
  • Are you focusing on the most security-relevant components?
  • Have you gotten stuck on any tangents or gone down any rabbit holes?
  • Does your master ideas list have many plausible entries?
  • Have you been taking adequate notes and recorded enough detail for review purposes?
  • If you’re working from application models and documentation (or developing them as you work), do these models reflect the implementation accurately?
  • From The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities


    Good reference list