[Global_education_committee] OWASP Testing Guide..

Paulo Coimbra paulo.coimbra at owasp.org
Thu May 13 11:49:11 EDT 2010


Yes, we have a metrics project
http://www.owasp.org/index.php/Category:OWASP_Application_Security_Metrics_Project#tab=Project_Identification
but it seems somewhat inactive.
Nevertheless, I am carbon copying Jeff Barto, the project's current leader,
to see if he can help us out.

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Martin Knobloch [mailto:martin.knobloch at owasp.org] 
Sent: Thursday, 13 May 2010 09:32
To: Nishi Kumar
Cc: paulo.coimbra at owasp.org; matteo.meucci at owasp.org;
global_education_committee at lists.owasp.org
Subject: Re: [Global_education_committee] OWASP Testing Guide..

 

Hi Nishi,

 

There has been a metrics project, if I recall correctly. But I am not sure
how alive that is.

 

As SDL, there is CLASP, covering all roles and responsibilities inside an
SDL.

The guides, as shown on the attachment, are documentation for a certain
step during a development process. The guides being consistent over the
whole process, as common reference, the ASDR (application security desk
reference).

 

The ASVS can be used as "what level use as target" and verification "what
level is reached". There is also Threat Modeling information on the OWASP
Wiki: http://www.owasp.org/index.php/Category:Threat_Modeling

It closely follows the Microsoft approach.

 

Hope this answers your question, else, don't hesitate to ask!

 

Cheers,

~Martin

 

On Wed, May 12, 2010 at 10:56 PM, Nishi Kumar <nishi787 at hotmail.com> wrote:

Hi All,
 
I am in the process of creating the presentations for the OWASP Testing Guide
and had a few questions. I am including here a screenshot of the OWASP SDLC which
I found in one of the Testing Guide presentations.
1. What is the right documentation project for Policy and Standards and
Develop Metrics?
2. Is ASVS the right document for Security Requirements and Threat
Modeling?
 
Thanks
Nishi Kumar
OWASP Global Education Committee

 

  _____  

From: nishi787 at hotmail.com
To: paulo.coimbra at owasp.org; matteo.meucci at owasp.org
Date: Mon, 26 Apr 2010 16:10:25 -0500
CC: global_education_committee at lists.owasp.org
Subject: [Global_education_committee] OWASP Testing Guide..



Hi All,
 
I have to do two training sessions for our QA team based on the OWASP Testing
Guide: one a high-level overview which brings general awareness of testing
for security, and another a detailed session for the QA group who will
actually be doing the application and infrastructure testing. Is there any
existing PowerPoint presentation we have on the OWASP Testing Guide that I can
leverage to prepare this presentation? I would appreciate it if somebody could
point me to any relevant material on this topic.
 
Thanks
Nishi Kumar
OWASP Education Committee
