[Owasp-testing] spreadsheets for testing guide / top ten

Jonathan Cran jcran at 0x0e.org
Mon Dec 14 14:51:50 EST 2009


Michael,

Totally agreed, I was hesitant to put it out for that purpose.

The ASVS is fantastic, splitting the verification of an application into
levels. Exactly what i've been looking for. This project should be
publicized more!

jcran




On Mon, Dec 14, 2009 at 8:21 AM, Boberski, Michael [USA] <
boberski_michael at bah.com> wrote:

>  If you open asvs.xml using Excel, then you can save it as an Excel
> spreadsheet.
>
> Download this:
> http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip
>
> Unzip, then open asvs.xml, can accept defaults when importing, then can
> save as, then can add whatever columns to hold whatever test data.
>
> Mike B.
>
>
>  ------------------------------
> *From:* owasp-testing-bounces at lists.owasp.org [mailto:
> owasp-testing-bounces at lists.owasp.org] *On Behalf Of *daniel cuthbert
> *Sent:* Monday, December 14, 2009 4:45 AM
> *To:* Jonathan Cran
>
> *Cc:* owasp-testing at lists.owasp.org
> *Subject:* Re: [Owasp-testing] spreadsheets for testing guide / top ten
>
> The XMl version is pretty good, what we'd need is something that wouldn't
> require net access and could be easily archived with every test. As much as
> I dislike Excel, it does tick the boxes (excuse the pun) when it comes to
> testing apps and being thorough.
>
>
>
> 2009/12/14 Jonathan Cran <jcran at 0x0e.org>
>
>> Cool, i'll check that out. In the meantime, here's a spreadsheet version
>> of the 2010 Top10.
>>
>> http://www.0x0e.org/x/OWASP-Top10-2010.xls
>>
>> Cross-posting on the owasp-top10 list.
>>
>> jcran
>>
>> --
>> Jonathan Cran
>> jcran at 0x0e.org
>> 515.890.0080
>>
>>
>> On Sun, Dec 13, 2009 at 11:11 PM, Mike Boberski <mike.boberski at gmail.com>wrote:
>>
>>> Perhaps consider ASVS, there is an XML version you could use, see the
>>> project page
>>>
>>> On 12/13/09, Jonathan Cran <jcran at 0x0e.org> wrote:
>>> > A while back there was a thread discussing the need for a spreadsheet
>>> > version of the testing guide (see;
>>> > https://lists.owasp.org/pipermail/owasp-testing/2008-May/001540.html)
>>> . i
>>> > think the debate was mainly centered around whether or not an xls file
>>> would
>>> > be acceptable.
>>> >
>>> > I was wondering if anything like this had been published?
>>> >
>>> > I've created versions in the past. I think it definitely makes sense to
>>> > offer this as a supplement to the OWASP testing guide (and top 10),
>>> based on
>>> > how many testers like to "check-off" portions of a test.
>>> >
>>> > Thoughts?
>>> >
>>> > jcran
>>> >
>>>
>>>
>>> --
>>> Mike
>>>
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>
>


-- 
Jonathan Cran
jcran at 0x0e.org
515.890.0070
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20091214/5c74a662/attachment.html 


More information about the Owasp-testing mailing list