[OWASP-Bangalore] Details on effort needed to remediate the static scan findings.

Akash akashmahajan at gmail.com
Tue Jan 7 09:16:23 UTC 2014

Hi Vinod,

I don't think you can get any sort of average time (which is reliable) for
fixing XSS etc. unless you can freeze on the language, framework and a
particular coding standard.

On 7 January 2014 13:35, Kannan, Vinod K <vinod.k.kannan at jpmorgan.com>wrote:

>  Hi All,
> I am trying to create an algorithm to calculate the total effort in man
> hours to fix the findings from a web static scan. Please let me know if
> there is any good and recognized source from where I could get the details
> like average time to fix different vulnerabilities like  SQLi or XSS and so
> on.
> Regards,
> Vinod Kannan
> App Sec consultant - JPMC
> This email is confidential and subject to important disclaimers and
> conditions including on offers for the purchase or sale of securities,
> accuracy and completeness of information, viruses, confidentiality, legal
> privilege, and legal entity disclaimers, available at
> http://www.jpmorgan.com/pages/disclosures/email.
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore

Warm regards,
Akash Mahajan

*That Web Application Security Guy* | +91 99 805 271 82
akashm.com | *@makash* on twitter | linkd.in/webappsecguy
*OWASP Bangalore Chapter Lead | null Community Manager*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20140107/13378d37/attachment.html>

More information about the OWASP-Bangalore mailing list