[Global_education_committee] OWASP Testing Guide..

Nishi Kumar nishi787 at hotmail.com
Thu May 13 12:01:42 EDT 2010

Thanks Martin and Paulo for providing help on this topic.



Nishi Kumar

Global Education Committee

From: paulo.coimbra at owasp.org
To: martin.knobloch at owasp.org; nishi787 at hotmail.com
CC: matteo.meucci at owasp.org; global_education_committee at lists.owasp.org; jeffrey.barto at ubs.com
Subject: RE: [Global_education_committee] OWASP Testing Guide..
Date: Thu, 13 May 2010 16:49:11 +0100

Yes, we have a metrics project http://www.owasp.org/index.php/Category:OWASP_Application_Security_Metrics_Project#tab=Project_Identification but it seems somewhat inactive. Nevertheless, I am carbon copying Jeff Barto, the project’s current leader, to see if he can help us out.
Paulo Coimbra,
OWASP Project Manager

From: Martin Knobloch [mailto:martin.knobloch at owasp.org] 
Sent: Thursday, 13 May 2010 09:32
To: Nishi Kumar
Cc: paulo.coimbra at owasp.org; matteo.meucci at owasp.org; global_education_committee at lists.owasp.org
Subject: Re: [Global_education_committee] OWASP Testing Guide..
Hi Nishi,


There has been a metrics project, if I recall correctly. But I am not sure how alive that is.


As SDL, there is CLASP, covering all roles and responsibilities inside an SDL.

The guides, as shown on the attachment, are documentation for a certain step during a development process. The guides being consistent over the whole process, as common reference, the ASDR (application security desk reference).


The ASVS can be used as "what level use as target" and verification "what level is reached". There is also Threat Modeling information on the OWASP Wiki: http://www.owasp.org/index.php/Category:Threat_Modeling

Which closely follows the Microsoft approach.


Hope this answers your question, else, don't hesitate to ask!





On Wed, May 12, 2010 at 10:56 PM, Nishi Kumar <nishi787 at hotmail.com> wrote:

Hi All,
I am in the process of creating the presentations for the OWASP Testing Guide and had a few questions. I am including here a screenshot of the OWASP SDLC which I found in one of the Testing Guide presentations.
1. What is the right documentation project for policy and Standards and Develop Metrics?
2. Is ASVS the right document for Security Requirements and Threat Modeling?
Nishi Kumar
OWASP Global Education Committee


From: nishi787 at hotmail.com
To: paulo.coimbra at owasp.org; matteo.meucci at owasp.org
Date: Mon, 26 Apr 2010 16:10:25 -0500
CC: global_education_committee at lists.owasp.org
Subject: [Global_education_committee] OWASP Testing Guide..

Hi All,
I have to do two training sessions for our QA team based on the OWASP Testing Guide. One is a high-level overview which brings general awareness of testing for security, and another one is a detailed session for the QA group who will actually be doing the application and infrastructure testing. Is there any existing PowerPoint presentation we have on the OWASP Testing Guide that I can leverage to prepare this presentation? I would appreciate it if somebody could point me to any relevant material on this topic.
Nishi Kumar
OWASP Education Committee
