Wednesday, May 27, 2009

Web App Security Assessment Report Generator (WA-SARG)

The report generator is built around the following two well-known methodologies, used as frameworks or checklists. Practical skill with the tools and knowledge of the attack classes are still required to perform the assessments accurately according to the chosen methodology. Completing every task in these methodologies gives a reasonable level of coverage; it does not prove the application secure, but it gives pentesters a baseline checklist so that nothing is missed. For more detail, buy "The Web Application Hacker's Handbook" (by the authors behind PortSwigger) and download the OWASP Testing Guide from owasp.org. If you'd like to propose a hybrid methodology combined with your own experience, don't hesitate to contact us. Over time these methodologies will need updating to keep up with evolving attack vectors and threats.

  1. PortSwigger
  2. OWASP Testing Guide v2
  3. OWASP Testing Guide v3
Privacy Policy:
  • No data is sent to our server.
  • The report is generated entirely in your browser by JavaScript.
Some words:
  • If time is limited, don't work through it as a checklist from top to bottom;
    go for the low-hanging fruit first.
  • Take a look at OWA-SM for the overall security life cycle.
  • Choose the tests to perform and delete the tests you didn't carry out.
  • Tick the 'Yes' radio button if you find a vulnerability, or 'No' if not.
  • Tick the checkbox for each task you've performed.
  • Click Result/Note to write notes and results for your findings, fixes, etc.
    You can press 'Tab' in that field; it won't move focus to the next checkbox.
    The label Result/Note** shows that notes have been written for that test.
  • Click 'Generate Report' and print the page (as a PDF) for future reference.
  • View samples - HTML & PDF.
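To make the workflow above concrete, here is an added example of a minimal client-side report generator that follows the same steps (drop untested tests, record the Yes/No verdict, flag tests that carry notes, emit printable HTML) without sending anything to a server. It is not WA-SARG's own code; the checklist entries, field names and report title are constructed for illustration. The one point it adds beyond the instructions is that tester-supplied notes are HTML-escaped before they are placed in the report: a pentester will usually paste the exact payload that worked, and a generator that drops that text into the page unescaped would execute the XSS you just found when the report is opened.

```javascript
// Added example (not the WA-SARG tool's own code): a minimal client-side
// report generator with the workflow described above. Checklist entries,
// field names and the report title are assumptions for illustration.
// Runs under Node.js or in a browser; no data leaves the page.

// Constructed sample of UI state: one object per test in the methodology.
//   performed  - the "task performed" checkbox
//   vulnerable - the Yes/No radio button (null if untouched)
//   note       - text typed into the Result/Note field
const SAMPLE_STATE = [
  { id: 'A-1', title: 'Map the application', performed: true,
    vulnerable: false, note: '' },
  { id: 'A-2', title: 'Test for reflected XSS', performed: true,
    vulnerable: true,
    // The tester pasted the payload that worked; it must not execute
    // when the report is rendered.
    note: 'Parameter q reflects "><script>alert(1)</script> unencoded.' },
  { id: 'A-3', title: 'Test session token handling', performed: true,
    vulnerable: null, note: 'Tokens look random; not fully analysed.' },
  { id: 'A-4', title: 'Test for SQL injection', performed: false,
    vulnerable: null, note: '' },
];

// HTML-escape tester-supplied text before it is placed in the report.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Status label for a test, following the Yes/No radio button semantics.
function statusOf(test) {
  if (test.vulnerable === true) return 'Vulnerable';
  if (test.vulnerable === false) return 'Not vulnerable';
  return 'Performed, no verdict';
}

// Build the report. Untested entries are dropped (the "delete untested
// tests" step); returns the HTML string plus a summary the caller can check.
function buildReport(state, meta) {
  const performed = state.filter(t => t.performed);
  const findings = performed.filter(t => t.vulnerable === true);
  const rows = performed.map(t => {
    // "Result/Note**" flags tests that carry notes, as in the tool.
    const label = t.note ? 'Result/Note**' : 'Result/Note';
    return `<tr><td>${escapeHtml(t.id)}</td><td>${escapeHtml(t.title)}</td>` +
      `<td>${statusOf(t)}</td><td>${label}: ${escapeHtml(t.note)}</td></tr>`;
  }).join('\n');
  const html = `<!doctype html>
<html><head><meta charset="utf-8"><title>${escapeHtml(meta.title)}</title></head>
<body>
<h1>${escapeHtml(meta.title)}</h1>
<p>Methodology: ${escapeHtml(meta.methodology)}. Tests performed: ${performed.length} of ${state.length}; findings: ${findings.length}.</p>
<table>
<tr><th>ID</th><th>Test</th><th>Status</th><th>Result/Note</th></tr>
${rows}
</table>
</body></html>`;
  return {
    html,
    summary: { total: state.length, performed: performed.length, findings: findings.length },
  };
}

// Example use. In a browser the HTML would be written into a new window and
// printed to PDF; under Node.js it is simply returned.
const REPORT = buildReport(SAMPLE_STATE, {
  title: 'Web Application Security Assessment',
  methodology: 'OWASP Testing Guide v3',
});
```

The check worth keeping from this example is the escaping step: because the generator is a pure-JavaScript page, the only input it ever renders is the tester's own notes, and those are exactly where raw exploit strings end up.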