Open Source Security Assessment Report OSSAR v0.5 released
The OSSAR report was created by Digital Encode Company and is based on OSSTMM and OWASP for its overall security tests.
This document is a VA/PT report for a fictitious bank called eClipse Bank PLC, carried out by another fictitious company, Cynergi Solutions Inc. All names, URLs, IPs, etc. are fictitious. Some of the vulnerabilities discussed have actually occurred.
Here is the kind of contribution I'd like to see. Maybe the author should add open-standard entries to score and identify vulnerabilities (CVE, CVSS, CWE, etc.) and also a final board to enumerate all findings. The VulnerabilityAssessment.co.uk team has already designed a great framework for conducting pentests.
I hope that one day we all join hands to release something common and structured.
All in all, the report is really nice to read.