[Owasp-testing] Documented workflows

crib bar crib.bar at hotmail.co.uk
Thu Apr 26 13:07:23 UTC 2012


Does anyone have any sort of documented workflow on the steps you take when performing a web application assessment? I know often it's a combination of tools and manual assessments when performing the audit, but there must be some sort of logical workflow you follow when doing an audit, i.e. 1) do this first ... 20) wrap up testing and write the report.
 
There must be some tests you run before others, and some areas of the app tested before other areas. I just wondered, if you have a workflow that you follow when you do your audits, whether anyone could share the workflow of what's tested first, perhaps a 1-20 type guide, with 1 being the first thing you do when engaging in a new audit, and 20 being the final thing.
 
If you do have such a workflow, can you share it? Or point me in the direction of a template workflow that you perhaps built your internal audit workflow on...
 
Thanks