[WEB SECURITY] WASC Threat Classification vs. OWASP ASVS]

robert at webappsec.org robert at webappsec.org
Wed Jul 15 15:10:13 EDT 2009


> The other thing I like about the OWASP Testing Guide is that there are
> unique identifiers for each test e.g OWASP-IG-001 or OWASP-AT-002 [*].
> I uses these for reporting and much of the guide provide good
> boiler-plate for report generation.  I've used these as a standard to
> keep reporting consistent between apps and over time.
> 
> This is no knock on the WASC TC - I've got that on the OWASP Live CD
> because its _very_ useful. As soon as the next version is finalized, it
> will be on there too.

I am so glad you brought this up! Actually we ARE adding unique identifiers to the TCv2
we just haven't yet. We're currently debating the format of these identifiers and after
agreeing on this format will apply them to each section.

Regards,
- Robert Auger




----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list