[Owasp-bayarea] anyone got an app sec questionnaire webapp?

Shaun Gordon shaun at newrelic.com
Tue Jul 31 23:45:30 UTC 2012


A while back, I was playing with LimeSurvey (http://www.limesurvey.org/)
for exactly this purpose.  I never went any further than a quick PoC, but
it looked promising.

-Shaun

Shaun Gordon  |  Director of Information Security & Compliance  |  New
Relic, Inc.  |  www.newrelic.com


On Tue, Jul 31, 2012 at 4:07 PM,
<travis+ml-owasp-bayarea at subspacefield.org> wrote:

> So suppose you are in software security for a big organization.
>
> You have multiple apps coming in for review and need to decide which
> deserve attention, and how much, and in what areas.
>
> You'd normally have many questions you'd ask to decide how much
> attention it takes, some of which you don't need to ask, depending on
> the application - for example, a mobile app developed by third parties
> has different questions than an intranet app developed in-house.
>
> So, if you dump hundreds of questions on devs, they freak out and
> may not complete it.
>
> So in the interest of effort reduction, it seems like this could
> be an interactive, "wizard"-type questionnaire.
>
> Obviously, it could be relatively easy to implement as a web app that
> spits out a report, but isn't too intimidating for devs since it's
> interactive and smart about which questions it skips.
>
> So, is there anything like this out there?
>
> If not, is there anyone interested in doing it as an open-source
> application?  Seems like it should be pretty easy to knock out if
> you pick the right tools for the job.
> --
> http://www.subspacefield.org/~travis/ | Yes, we Keynes!