[Owasp-bayarea] anyone got an app sec questionnaire webapp?
shaun at newrelic.com
Tue Jul 31 23:45:30 UTC 2012
A while back, I was playing with LimeSurvey (http://www.limesurvey.org/)
for exactly this purpose. I never went any further than a quick PoC, but
it looked promising.
Shaun Gordon | Director of Information Security & Compliance | New Relic, Inc. | www.newrelic.com
On Tue, Jul 31, 2012 at 4:07 PM, <travis+ml-owasp-bayarea at subspacefield.org> wrote:
> So suppose you are in software security for a big organization.
> You have multiple apps coming in for review and need to decide which
> deserve attention, and how much, and in what areas.
> You'd normally have many questions you'd ask to decide how much
> attention it takes, some of which you don't need to ask, depending on
> the application - for example, a mobile app developed by third parties
> has different questions than an intranet app developed in-house.
> So, if you dump hundreds of questions on devs, they freak out and
> may not complete it.
> So in the interest of effort reduction, it seems like this could
> be an interactive, "wizard"-type questionnaire.
> Obviously, it could be relatively easy to implement as a web app that
> spits out a report, but isn't too intimidating for devs since it's
> interactive and smart about which questions it skips.
> So, is there anything like this out there?
> If not, is there anyone interested in doing it as an open-source
> application? Seems like it should be pretty easy to knock out if
> you pick the right tools for the job.
> http://www.subspacefield.org/~travis/ | Yes, we Keynes!