[Owasp-testing] spreadsheets for testing guide / top ten

Boberski, Michael [USA] boberski_michael at bah.com
Mon Dec 14 08:21:13 EST 2009

If you open asvs.xml using Excel, then you can save it as an Excel spreadsheet.

Download this: http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip

Unzip, then open asvs.xml, can accept defaults when importing, then can save as, then can add whatever columns to hold whatever test data.

Mike B.

From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of daniel cuthbert
Sent: Monday, December 14, 2009 4:45 AM
To: Jonathan Cran
Cc: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten

The XMl version is pretty good, what we'd need is something that wouldn't require net access and could be easily archived with every test. As much as I dislike Excel, it does tick the boxes (excuse the pun) when it comes to testing apps and being thorough.

2009/12/14 Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>>
Cool, i'll check that out. In the meantime, here's a spreadsheet version of the 2010 Top10.


Cross-posting on the owasp-top10 list.


Jonathan Cran
jcran at 0x0e.org<mailto:jcran at 0x0e.org>

On Sun, Dec 13, 2009 at 11:11 PM, Mike Boberski <mike.boberski at gmail.com<mailto:mike.boberski at gmail.com>> wrote:
Perhaps consider ASVS, there is an XML version you could use, see the
project page

On 12/13/09, Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>> wrote:
> A while back there was a thread discussing the need for a spreadsheet
> version of the testing guide (see;
> https://lists.owasp.org/pipermail/owasp-testing/2008-May/001540.html) . i
> think the debate was mainly centered around whether or not an xls file would
> be acceptable.
> I was wondering if anything like this had been published?
> I've created versions in the past. I think it definitely makes sense to
> offer this as a supplement to the OWASP testing guide (and top 10), based on
> how many testers like to "check-off" portions of a test.
> Thoughts?
> jcran


Owasp-testing mailing list
Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20091214/44859db9/attachment-0001.html 

More information about the Owasp-testing mailing list