[Owasp-testing] spreadsheets for testing guide / top ten
Boberski, Michael [USA]
boberski_michael at bah.com
Mon Dec 14 15:03:13 EST 2009
Cool!
Spread the word :-)
Mike B.
________________________________
From: Jonathan Cran [mailto:jcran at 0x0e.org]
Sent: Monday, December 14, 2009 2:52 PM
To: Boberski, Michael [USA]
Cc: daniel cuthbert; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten
Michael,
Totally agreed, I was hesitant to put it out for that purpose.
The ASVS is fantastic, splitting the verification of an application into levels. Exactly what i've been looking for. This project should be publicized more!
jcran
On Mon, Dec 14, 2009 at 8:21 AM, Boberski, Michael [USA] <boberski_michael at bah.com<mailto:boberski_michael at bah.com>> wrote:
If you open asvs.xml using Excel, then you can save it as an Excel spreadsheet.
Download this: http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip
Unzip, then open asvs.xml, can accept defaults when importing, then can save as, then can add whatever columns to hold whatever test data.
Mike B.
________________________________
From: owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org> [mailto:owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org>] On Behalf Of daniel cuthbert
Sent: Monday, December 14, 2009 4:45 AM
To: Jonathan Cran
Cc: owasp-testing at lists.owasp.org<mailto:owasp-testing at lists.owasp.org>
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten
The XMl version is pretty good, what we'd need is something that wouldn't require net access and could be easily archived with every test. As much as I dislike Excel, it does tick the boxes (excuse the pun) when it comes to testing apps and being thorough.
2009/12/14 Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>>
Cool, i'll check that out. In the meantime, here's a spreadsheet version of the 2010 Top10.
http://www.0x0e.org/x/OWASP-Top10-2010.xls
Cross-posting on the owasp-top10 list.
jcran
--
Jonathan Cran
jcran at 0x0e.org<mailto:jcran at 0x0e.org>
515.890.0080
On Sun, Dec 13, 2009 at 11:11 PM, Mike Boberski <mike.boberski at gmail.com<mailto:mike.boberski at gmail.com>> wrote:
Perhaps consider ASVS, there is an XML version you could use, see the
project page
On 12/13/09, Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>> wrote:
> A while back there was a thread discussing the need for a spreadsheet
> version of the testing guide (see;
> https://lists.owasp.org/pipermail/owasp-testing/2008-May/001540.html) . i
> think the debate was mainly centered around whether or not an xls file would
> be acceptable.
>
> I was wondering if anything like this had been published?
>
> I've created versions in the past. I think it definitely makes sense to
> offer this as a supplement to the OWASP testing guide (and top 10), based on
> how many testers like to "check-off" portions of a test.
>
> Thoughts?
>
> jcran
>
--
Mike
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-testing
--
Jonathan Cran
jcran at 0x0e.org<mailto:jcran at 0x0e.org>
515.890.0070
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20091214/7a04592b/attachment.html
More information about the Owasp-testing
mailing list