[WEB SECURITY] WASC Threat Classification vs. OWASP ASVS

Roger Munk roger.munk at gmail.com
Mon Jul 13 14:09:26 EDT 2009


I'm putting together a requirements list for black box web pen testing
and want to include a standards requirement. I've looked intothe WASC
Threat Classification and OWASP's ASVS. The former seems to focus on
high level threats, while the latter on testing controls present in
the app. With the release of version two of the threat classification,
which standard is more appropriate to use for web app pen testing and
why?

Thanks,
  Roger

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list