[Owasp-testing] [OWASP ASVS] Documented workflows

Lovelace, Sunni SLovelace at geico.com
Thu Apr 26 14:09:57 UTC 2012

We use the OWASP Testing Guide to develop test cases. But we also have an audit process that reviews the entire (SDLC) used during development for best practices and evidence that the best practices were followed.


From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jonathan Cran
Sent: Thursday, April 26, 2012 9:57 AM
To: crib bar
Cc: Owasp asvs; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [OWASP ASVS] Documented workflows



On Thu, Apr 26, 2012 at 8:07 AM, crib bar <crib.bar at hotmail.co.uk> wrote:

Does anyone have any sort of documented workflow on the steps you take when performing a web application assessment? I know often it's a combination of tools and manual assessments when performing the audit, but there must be some sort of logical workflow you follow when doing an audit, i.e. 1) do this first .. 20) wrap up testing and write the report.


Isn't this the OWASP testing guide? 





