Methodologies (or Checklists, as they are also referred to) in Canopy are useful for many situations, including:
Helping testers follow a detailed test plan (e.g. a web application testing methodology)
Tracking what testers have done as part of the engagement (e.g. attestation checklist)
Methodologies contain a list of methodology items. These items capture the information that testers and other team members need to follow, such as:
The title of the methodology items
A unique reference for ease of identification and tracing (in Canopy, in reports, etc.)
Detailed fields for capturing descriptions, testing guides and so on
Creating a methodology template
Canopy allows you to build your own methodologies for driving testing.
Adding a methodology template
Adding a methodology template can be done through the Templates → Methodology section, accessed via the main navigation menu.
Only users with sufficient privileges are able to create and modify methodology templates.
This will bring up the list of existing methodologies defined in the system. Click on the +METHODOLOGY TEMPLATE button, which displays the following screen:
A title and description can be set to help distinguish between different methodology templates.
Adding methodology items
Once the methodology template has been created, it’s easy to start adding items. Click on the +METHODOLOGY ITEM button. This presents you with an edit window where you can add information such as the reference, title, descriptions, test guides, set ratings and so on.
Linking methodologies to the findings KB
You can also link a methodology template item to one or more KB findings. For example:
This will then suggest appropriate findings to a user if they’re using the methodology during testing, so they know which findings should be used when a given methodology item has failed (or passed, if using positive/negative testing).
Adding a methodology to a phase
Any user with write permissions on a project/phase can add methodologies to a phase. You can do this by clicking on the "Methodologies" tab in the phase view:
And then clicking on the “+Methodology” button and selecting one or more methodologies from the available list:
Once selected, the user can then start working on the methodology.
Working through methodologies and tracking progress
One of the most typical use cases for methodologies is following a testing methodology. For example, testers can mark methodology items as passed, failed, out-of-scope, etc.
When the user indicates the status of a methodology item, the overall progress is summarised for that methodology:
And also on the project level for all methodologies:
Creating/Linking findings and assets from a methodology
When using a methodology, you can create findings and assets from the methodology view itself - without needing to go back to the finding/asset views. For teams using methodologies, this is a time saver.
Add a new finding
Add a finding from the Finding KB
Link to an existing finding
If a template finding has been linked to a methodology, when clicking the "Add finding from KB" button, you will be presented with the linked (starred) findings first.
Assets can also be linked to the individual methodology items. This is useful if you need to perform fine-grained linking for methodology items (checks) again.
Methodologies and reports
It’s possible to output the methodology items and results in reports. This can be useful for showing test case coverage with open frameworks like the OWASP v4 Test Methodology or compliance with the OWASP Application Security Verification Standard. This can be done on a per-finding basis, a per-asset basis, or for the entire methodology (e.g. summary section/appendix of a report).
Of course, it’s also possible to add your own methodologies for test coverage, compliance or simple test attestation checklists.