[Global_education_committee] OWASP Testing Guide..

Martin Knobloch martin.knobloch at owasp.org
Thu May 13 04:32:16 EDT 2010


Hi Nishi,

There has been a metrics project, if I recall correctly. But I am not sure
how alive that is.

As for SDL, there is CLASP, covering all roles and responsibilities inside an
SDL.
The guides, as shown in the attachment, are documentation for a certain
step during a development process. The guides being consistent over the
whole process, as common reference, the ASDR (application security desk
reference).

The ASVS can be used as "what level to use as target" and verification "what
level is reached". There is also Threat Modeling information on the OWASP
Wiki: http://www.owasp.org/index.php/Category:Threat_Modeling
which closely follows the Microsoft approach.

Hope this answers your question, else, don't hesitate to ask!

Cheers,
~Martin

On Wed, May 12, 2010 at 10:56 PM, Nishi Kumar <nishi787 at hotmail.com> wrote:

>  Hi All,
>
> I am in the process of creating the presentations for the OWASP Testing Guide
> and had a few questions. I am including here a screenshot of the OWASP SDLC which
> I found in one of the Testing Guide presentations.
> 1. What is the right documentation project for Policy and Standards and
> Develop Metrics?
> 2. Is ASVS the right document for Security Requirements and Threat
> Modeling?
>
> Thanks
> Nishi Kumar
> OWASP Global Education Committee
>
> ------------------------------
> From: nishi787 at hotmail.com
> To: paulo.coimbra at owasp.org; matteo.meucci at owasp.org
> Date: Mon, 26 Apr 2010 16:10:25 -0500
> CC: global_education_committee at lists.owasp.org
> Subject: [Global_education_committee] OWASP Testing Guide..
>
>
> Hi All,
>
> I have to do two training sessions for our QA team based on the OWASP
> Testing Guide: one a high-level overview which brings general awareness of
> testing for security, and another a detailed session for the QA group who
> will actually be doing the application and infrastructure testing. Is there
> any existing PowerPoint presentation we have on the OWASP Testing Guide that I
> can leverage to prepare this presentation? I would appreciate it if somebody could
> point me to any relevant material on this topic.
>
> Thanks
> Nishi Kumar
> OWASP Education Committee
>