Security Testing Model

“Tools do not make software secure! They help scale the process and help enforce policy.” – Michael Howard

Today I spent a bit of time working on a security model for any web application that hopefully other teams besides will use. I decided to share it with all, since I had a hard time finding existing resources online. I am still working on the detailed description of each task, and I will make that available after I complete it. For now, here is the model:

Please let me know your suggestions so I can improve it.