[Owasp-bayarea] anyone got an app sec questionnaire webapp?

travis+ml-owasp-bayarea at subspacefield.org
Tue Jul 31 23:07:59 UTC 2012


So suppose you are in software security for a big organization.

You have multiple apps coming in for review and need to decide which
deserve attention, and how much, and in what areas.

You'd normally have many questions you'd ask to decide how much
attention it takes, some of which you don't need to ask, depending on
the application - for example, a mobile app developed by third parties
has different questions than an intranet app developed in-house.

So, if you dump hundreds of questions on devs, they freak out and
may not complete it.

So in the interest of effort reduction, it seems like this could
be an interactive, "wizard"-type questionnaire.

Obviously, it could be relatively easy to implement as a web app that
spits out a report, but isn't too intimidating for devs since it's
interactive and smart about which questions it skips.

So, is there anything like this out there?

If not, is there anyone interested in doing it as an open-source
application?  Seems like it should be pretty easy to knock out if
you pick the right tools for the job.
-- 
http://www.subspacefield.org/~travis/ | Yes, we Keynes!
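
The wizard with answer-dependent skipping described in the post above, as an added Python example that is not part of the original message or of any existing tool. The question ids, wording, skip rules and review-area labels are constructed assumptions; only the two application cases (third-party mobile, in-house intranet) come from the post.

```python
# Constructed question bank: ids, wording, skip rules and review areas are assumptions.
# Each entry: (id, text, ask_if predicate over earlier answers, {answer: review area}).
QUESTIONS = [
    ("platform", "What kind of app is it? (mobile/intranet/internet)",
     lambda a: True, {"internet": "external attack surface"}),
    ("developer", "Who develops it? (in-house/third-party)",
     lambda a: True, {"third-party": "vendor assessment"}),
    ("source_access", "Can we get the source code? (yes/no)",
     lambda a: a["developer"] == "third-party", {"no": "black-box testing"}),
    ("device_storage", "Does it store sensitive data on the device? (yes/no)",
     lambda a: a["platform"] == "mobile", {"yes": "local data protection"}),
    ("sso", "Does it use the corporate single sign-on? (yes/no)",
     lambda a: a["platform"] == "intranet", {"no": "authentication review"}),
    ("pii", "Does it handle personal data? (yes/no)",
     lambda a: True, {"yes": "privacy and data handling"}),
]

def next_question(answers, skipped):
    """Return the next applicable unanswered question, recording skipped ones."""
    for qid, text, ask_if, _ in QUESTIONS:
        if qid in answers or qid in skipped:
            continue
        if ask_if(answers):
            return qid, text
        skipped.append(qid)  # not relevant given earlier answers
    return None

def run_wizard(responder):
    """Drive the wizard; responder(qid, text) supplies each answer."""
    answers, skipped = {}, []
    while (q := next_question(answers, skipped)) is not None:
        answers[q[0]] = responder(*q)
    # The report lists what was asked, what was skipped, and which areas need review.
    areas = [flags[answers[qid]] for qid, _, _, flags in QUESTIONS
             if qid in answers and answers[qid] in flags]
    return {"asked": list(answers), "skipped": skipped, "review_areas": areas}

if __name__ == "__main__":
    # Constructed answers for the two cases named in the post.
    mobile_vendor = {"platform": "mobile", "developer": "third-party",
                     "source_access": "no", "device_storage": "yes", "pii": "yes"}
    intranet_inhouse = {"platform": "intranet", "developer": "in-house",
                        "sso": "yes", "pii": "no"}
    for name, canned in (("mobile/third-party", mobile_vendor),
                         ("intranet/in-house", intranet_inhouse)):
        print(name, run_wizard(lambda qid, text: canned[qid]))
```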