[Owasp-leaders] Fwd: Vendors for OWASP Standards Testing

Boberski, Michael [USA] boberski_michael at bah.com
Wed Sep 8 09:05:02 EDT 2010

Umm, there is no registry, I'd gotten it up, then it got blown away.

At this point, I would be happy to stand one up outside of OWASP if enough people are interested. Please email me directly if so, and if there are enough, I'll just do it.

I can tell folks anecdotally that the inability to make purchasing OWASP-based services "easy" by providing consumers with the ability to shop a list of "normalized" service providers has cost OWASP-based service and solution adoption quite dearly from my vantage point, opportunities lost, legacy services and solutions simply stuck with. OWASP solutions only used when they can be sneaked in, or cannibalized from, to use as "glue" to other solutions or services.

PS, not really looking to re-engage on this, I somehow got re-subscribed to all the various lists, so... Boo! The ghost of Mike B. lives, just in time for Halloween, a month early anyway.

PPS, put the registry back! (in the voice of Gene Wilder in "Young Frankenstein")


Mike B.

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Christian Heinrich
Sent: Tuesday, September 07, 2010 11:43 PM
To: Owasp-Leaders at Lists. Owasp
Subject: [Owasp-leaders] Fwd: Vendors for OWASP Standards Testing

Besides ASVS, should the "Quotes" or the Services Registry also be
brought to Kaushal's attention?

---------- Forwarded message ----------
From: Kaushal Parikh <kaupar at gmail.com>
Date: Wed, Sep 8, 2010 at 12:26 PM
Subject: Re: [Owasp-singapore] Vendors for OWASP Standards Testing
To: Christian Heinrich <christian.heinrich at owasp.org>
Cc: owasp-singapore at lists.owasp.org

Hi Christian
Thanks for the response.
We just require the names of vendors who can do such Compliance
testing for us or our preferred vendors who help support the
applications for us on thier own infrastructure.
I need some references of such vendors in SG or APAC who can be
contacted at the earliest.

On Wed, Sep 8, 2010 at 10:23 AM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> Kaushal,
> http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
> is preferred but OWASP does *not* endorse products and/or services
> unlike the PCI SSC.
> On Wed, Sep 8, 2010 at 12:11 PM, Kaushal Parikh <kaupar at gmail.com> wrote:
> > Is there any preferred list of Vendors who can do the testing of Web
> > applications as per OWASP standards in Singapore?
> > If yes ,where can i find the list of such vendors.
> > something similar to the link below
> > https://www.pcisecuritystandards.org/pdfs/asv_report.html

Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

More information about the OWASP-Leaders mailing list