[Owasp-testing] spreadsheets for testing guide / top ten

Boberski, Michael [USA] boberski_michael at bah.com
Mon Dec 14 15:03:13 EST 2009


Cool!

Spread the word :-)

Mike B.


________________________________
From: Jonathan Cran [mailto:jcran at 0x0e.org]
Sent: Monday, December 14, 2009 2:52 PM
To: Boberski, Michael [USA]
Cc: daniel cuthbert; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten

Michael,

Totally agreed, I was hesitant to put it out for that purpose.

The ASVS is fantastic, splitting the verification of an application into levels. Exactly what i've been looking for. This project should be publicized more!

jcran




On Mon, Dec 14, 2009 at 8:21 AM, Boberski, Michael [USA] <boberski_michael at bah.com<mailto:boberski_michael at bah.com>> wrote:
If you open asvs.xml using Excel, then you can save it as an Excel spreadsheet.

Download this: http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip

Unzip, then open asvs.xml, can accept defaults when importing, then can save as, then can add whatever columns to hold whatever test data.

Mike B.


________________________________
From: owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org> [mailto:owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org>] On Behalf Of daniel cuthbert
Sent: Monday, December 14, 2009 4:45 AM
To: Jonathan Cran

Cc: owasp-testing at lists.owasp.org<mailto:owasp-testing at lists.owasp.org>
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten

The XMl version is pretty good, what we'd need is something that wouldn't require net access and could be easily archived with every test. As much as I dislike Excel, it does tick the boxes (excuse the pun) when it comes to testing apps and being thorough.



2009/12/14 Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>>
Cool, i'll check that out. In the meantime, here's a spreadsheet version of the 2010 Top10.

http://www.0x0e.org/x/OWASP-Top10-2010.xls

Cross-posting on the owasp-top10 list.

jcran

--
Jonathan Cran
jcran at 0x0e.org<mailto:jcran at 0x0e.org>
515.890.0080


On Sun, Dec 13, 2009 at 11:11 PM, Mike Boberski <mike.boberski at gmail.com<mailto:mike.boberski at gmail.com>> wrote:
Perhaps consider ASVS, there is an XML version you could use, see the
project page

On 12/13/09, Jonathan Cran <jcran at 0x0e.org<mailto:jcran at 0x0e.org>> wrote:
> A while back there was a thread discussing the need for a spreadsheet
> version of the testing guide (see;
> https://lists.owasp.org/pipermail/owasp-testing/2008-May/001540.html) . i
> think the debate was mainly centered around whether or not an xls file would
> be acceptable.
>
> I was wondering if anything like this had been published?
>
> I've created versions in the past. I think it definitely makes sense to
> offer this as a supplement to the OWASP testing guide (and top 10), based on
> how many testers like to "check-off" portions of a test.
>
> Thoughts?
>
> jcran
>


--
Mike

_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-testing





--
Jonathan Cran
jcran at 0x0e.org<mailto:jcran at 0x0e.org>
515.890.0070
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20091214/7a04592b/attachment.html 


More information about the Owasp-testing mailing list