Methodologies

Methodologies are optional for use within Canopy. However, Methodologies are there if your team needs them.

Why might you want to use Methodologies? In most environments, Methodologies are used for three main use cases (but you might have others!):

  1. To help ensure a minimum baseline of test coverage is achieved by all testers.

  2. To help guide junior testers.

  3. To provide test coverage feedback to clients, either using custom build methodologies or using industry frameworks, such as the https://owasp.org/asvs.

You can add one or more methodologies to a phase. This allows you to mix different methodologies as required.

Access Control

Any user who has at least write access to a phase can add/remove methodologies.

Adding a Methodology

Access the phase that you want to use a methodology on. Click on the Methodologies tab in the phase view:

../_images/methodology_list.png

Click on the + Methodology button. This will present you with a list of Methodologies to choose from:

../_images/methodology_add.png

You can select one or more, and add these to the phase. The list of methodologies associated with a phase will be updated.

Progressing through a Methodology

The main goal of the methodology is to indicate whether or not a given methodology item (or test case) has been checked. Additional information can also provide on how to perform the required checks have been processed.

Once you have completed a methodology item, you can set its status. The following statuses are supported:

../_images/methodology_main.png

It is also possible to link a methodology item to a finding (either an existing finding or you can create a new finding from the Methodology view). You can do this via the following section:

../_images/methodology_link_findings.png

Similar functionality is available for linking methodology items to assets. This can be useful if you need to track completeness across multiple assets, especially if feedback is required.

Additional capabilities

Methodology items can be linked to Finding KB entries within the Methodology Template. For further information, see: Methodology templates.

Note

Once this linking is set up, findings added will automatically trigger the methodology item to the Fail state. This happens during both manual Finding KB addition to a phase, and during tool importing.