Difference between revisions of "Writing Reports: value the real risk"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:OWASP Testing Guide v2}}
 
{{Template:OWASP Testing Guide v2}}
 
+
In this Chapter is described how to value the real risk for the purposes of a security assessment. The idea is to create a general methodology to break down the security findings and evaluate the risks with the goal of prioritize and manage them.  
 
+
It is presented a table that can easly represent a snapshot of the assessment. This table represents the technical informations to deliver to the client, then it is important to present another executive summary fo the management.
...Intro here...<br>
+
<br>
  
 
[[How to value the real risk AoC|5.1 How to value the real risk]] <br>
 
[[How to value the real risk AoC|5.1 How to value the real risk]] <br>
 
[[How to write the report of the testing AoC|5.2 How to write the report of the testing]]<br>
 
[[How to write the report of the testing AoC|5.2 How to write the report of the testing]]<br>
 
<br> <br>
 
<br> <br>
[[OWASP Testing Guide v2 Table of Contents]]
+
 
{{Template:Stub}}
+
 
{{Category:OWASP Testing Project AoC}}
 
{{Category:OWASP Testing Project AoC}}

Revision as of 13:24, 19 November 2006

OWASP Testing Guide v2 Table of Contents

In this Chapter is described how to value the real risk for the purposes of a security assessment. The idea is to create a general methodology to break down the security findings and evaluate the risks with the goal of prioritize and manage them. It is presented a table that can easly represent a snapshot of the assessment. This table represents the technical informations to deliver to the client, then it is important to present another executive summary fo the management.

5.1 How to value the real risk
5.2 How to write the report of the testing



OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents