[Global_education_committee] OWASP Testing Guide..

Paulo Coimbra paulo.coimbra at owasp.org
Thu May 13 11:49:11 EDT 2010

Yes, we have a metrics project
roject#tab=Project_Identification but it seems somewhat inactive.
Nevertheless, I am carbon copying Jeff Barto, the project's current leader,
to see if he can help us out.




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Martin Knobloch [mailto:martin.knobloch at owasp.org] 
Sent: Thursday, 13 May 2010 09:32
To: Nishi Kumar
Cc: paulo.coimbra at owasp.org; matteo.meucci at owasp.org;
global_education_committee at lists.owasp.org
Subject: Re: [Global_education_committee] OWASP Testing Guide..


Hi Nishi,


There has been a metrics project, if I recall correctly. But I am not sure
how alive that is.


As SDL, there is CLASP, covering all roles and responsibilities inside a

The guides, as shown on the attachment, are documentations for a certain
step during a development process. The guides being consistent over the
whole process, as common reference, the ASDR (application security desk


The ASVS can be used as "what level use as target" and verification "what
level is reached". There is also Threat Modeling information on the OWASP
Wiki: http://www.owasp.org/index.php/Category:Threat_Modeling

Which closely follows the Microsoft approach.


Hope this answers your question, else, don't hesitate to ask!





On Wed, May 12, 2010 at 10:56 PM, Nishi Kumar <nishi787 at hotmail.com> wrote:

Hi All,
I am in the process of creating the presentations for OWASP Testing Guide
and had a few questions. I am including here a screenshot of OWASP SDLC which
I found in one of the Testing Guide presentations.
1. What is the right documentation project for policy and Standards and
Develop Metrics?
2. Is ASVS the right document for Security Requirements and Threat
Nishi Kumar
OWASP Global Education Committee



From: nishi787 at hotmail.com
To: paulo.coimbra at owasp.org; matteo.meucci at owasp.org
Date: Mon, 26 Apr 2010 16:10:25 -0500
CC: global_education_committee at lists.owasp.org
Subject: [Global_education_committee] OWASP Testing Guide..

Hi All,
I have to do two training sessions for our QA team based on the OWASP Testing
Guide. One a high-level overview which brings general awareness of testing
for security and another one a detailed session for the QA group who will
actually be doing the application and infrastructure testing. Is there any
existing PowerPoint presentation we have on the OWASP Testing Guide that I can
leverage to prepare this presentation? I would appreciate it if somebody can
point me to any relevant material on this topic.
Nishi Kumar
OWASP Education Committee

