[Owasp-testing] Documented workflows

Lovelace, Sunni SLovelace at geico.com
Thu Apr 26 13:14:29 UTC 2012

I work for a Fortune 500 Insurance company and we run the tool AppScan in our development and test regions.

-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of crib bar 
Sent: Thursday, April 26, 2012 9:07 AM
To: Owasp asvs ; owasp-testing at lists.owasp.org 
Subject: [Owasp-testing] Documented workflows

Does anyone have any sort of documented workflow on the steps you take when performing a web application assessment? I know often it's a combination of tools and manual assessments when performing the audit, but there must be some sort of logical workflow you follow when doing an audit, i.e. 1) do this first .. 20) wrap up testing and write the report.
There must be some tests you run before others, and some areas of the app tested before other areas. I just wondered if you have a workflow that you follow when you do your audits, and if anyone could share the workflow of what's tested first, perhaps a 1-20 type guide, with 1 being the first thing you do when engaging in a new audit, and 20 being the final thing.
If you do have such a workflow, can you share it? Or point me in the direction of a template workflow that you perhaps built your internal audit workflow on...