List: owasp-testing
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten
From: "Boberski, Michael [USA]" <boberski_michael () bah ! com>
Date: 2009-12-14 20:03:13
Message-ID: 21D3693DA55EF14BB72DCC18FB65B29102335CF17D () ASHBMBX04 ! resource ! ds ! bah ! com
Cool!
Spread the word :-)
Mike B.
________________________________
From: Jonathan Cran [mailto:jcran@0x0e.org]
Sent: Monday, December 14, 2009 2:52 PM
To: Boberski, Michael [USA]
Cc: daniel cuthbert; owasp-testing@lists.owasp.org
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten
Michael,
Totally agreed, I was hesitant to put it out for that purpose.
The ASVS is fantastic, splitting the verification of an application into levels. Exactly what i've been looking for. This project should be publicized more!
jcran
On Mon, Dec 14, 2009 at 8:21 AM, Boberski, Michael [USA] <boberski_michael@bah.com> wrote:
If you open asvs.xml using Excel, then you can save it as an Excel spreadsheet.
Download this: http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip
Unzip, then open asvs.xml, can accept defaults when importing, then can save as, then can add whatever columns to hold whatever test data.
Mike B.
________________________________
From: owasp-testing-bounces@lists.owasp.org [mailto:owasp-testing-bounces@lists.owasp.org] On Behalf Of daniel cuthbert
Sent: Monday, December 14, 2009 4:45 AM
To: Jonathan Cran
Cc: owasp-testing@lists.owasp.org
Subject: Re: [Owasp-testing] spreadsheets for testing guide / top ten
The XML version is pretty good, what we'd need is something that wouldn't require net access and could be easily archived with every test. As much as I dislike Excel, it does tick the boxes (excuse the pun) when it comes to testing apps and being thorough.
2009/12/14 Jonathan Cran <jcran@0x0e.org>
Cool, i'll check that out. In the meantime, here's a spreadsheet version of the 2010 Top10.
http://www.0x0e.org/x/OWASP-Top10-2010.xls
Cross-posting on the owasp-top10 list.
jcran
--
Jonathan Cran
jcran@0x0e.org
515.890.0080
On Sun, Dec 13, 2009 at 11:11 PM, Mike Boberski <mike.boberski@gmail.com> wrote:
Perhaps consider ASVS, there is an XML version you could use, see the
project page
On 12/13/09, Jonathan Cran <jcran@0x0e.org> wrote:
> A while back there was a thread discussing the need for a spreadsheet
> version of the testing guide (see;
> https://lists.owasp.org/pipermail/owasp-testing/2008-May/001540.html) . i
> think the debate was mainly centered around whether or not an xls file would
> be acceptable.
>
> I was wondering if anything like this had been published?
>
> I've created versions in the past. I think it definitely makes sense to
> offer this as a supplement to the OWASP testing guide (and top 10), based on
> how many testers like to "check-off" portions of a test.
>
> Thoughts?
>
> jcran
>
--
Mike
_______________________________________________
Owasp-testing mailing list
Owasp-testing@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing
--
Jonathan Cran
jcran@0x0e.org
515.890.0070