[Owasp-codereview] White box assessment estimation

Mostafa Siraj mostafa.siraj at gmail.com
Wed Mar 25 14:58:37 UTC 2015


If you're using professional tools like HP Fortify or IBM AppScan Source,
you can be quite fast: 20-25 k LoC. If you're using open source/grep tools,
it will definitely take longer: 6-8 k LoC.

Yours
Mostafa
On 24 Mar 2015 22:38, "Maldonado, Eduardo" <eduardomaldonado at kpmg.com.mx>
wrote:

>  Dear list,
>
> I was wondering if there is a standard to estimate the effort required to
> perform a White box assessment. Could anybody help me please?
>
> In my experience, any auditor can assess approximately 5000 LoC per day,
> but I need to perform an estimation based on standards.
>
> Thanks and regards,
> *Eduardo Maldonado*
> Supervising Sr. – IT Advisory
> Management Consulting
> KPMG Cárdenas Dosal, S. C. (México)
> Email: *eduardomaldonado at kpmg.com.mx* <eduardomaldonado at kpmg.com.mx>
> Directo: + 52 (55) 52 46 8667