[Owasp-leaders] I am glad to announce we've just set a new project up - the OWASP Myth Breakers Project, led by Stefano Di Paola & Dinis Cruz.
dave.wichers at owasp.org
Tue Mar 1 15:43:54 EST 2011
I did a talk last fall at AppSec DC on 'Strengths of Combining Code Review
with Application Penetration Testing'. One major point of my talk was to try to
bust the 'myth' that code review is way more expensive than pen testing, and
that we can't find enough qualified code reviewers. There are millions of
really good developers that can be taught how to review code. There aren't
anywhere near as many good pen testers. So it's my position that it's
'easier' to find and use good code reviewers than pen testers, not harder,
and that code review is far more effective than pen testing overall, and
really shines when both are done together.
This is not obvious from the title of my talk but I was trying to not offend
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Stefano Di Paola
Sent: Tuesday, March 01, 2011 3:29 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] I am glad to announce we've just set a new
project up - the OWASP Myth Breakers Project, led by Stefano Di Paola &
in the next days we'll put together the ideas and start the mailing
Anyone with some ideas about legends to be busted is encouraged to note
it down and send it to the new mailing list as soon as it'll be
On Tue, Mar 1, 2011 at 1:41 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
I am glad to announce we've just set a new project up - the OWASP Myth
Breakers Project, led by Stefano Di Paola & Dinis Cruz.
The project's purpose is "similar to http://dsc.discovery.com/tv/mythbusters
but for appsec, urban legends and assumptions regarding appsec will be
tested and there'll be a set of examples that will prove the
correctness/incorrectness of a statement related to the question. Every
question will be answered in the mailing list and further, a page on the
OWASP site will be created to report the results. Also anyone will be able
to use the contents of the page/ml in OWASP conferences to spread the verb
about what's an urban legend and what's not".
As always, your suggestions and contributions would be greatly appreciated.
OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>