[Owasp-testing] Code Review project and Code-Scanning-Tool(s)
Dinis Cruz
dinis at ddplus.net
Wed Jan 17 20:34:28 EST 2007
We must take this opportunity and use some of the energy that is going into
the Code Review Guide to create a Code Scanning Tool which identifies the
issues raised.
I don't care if in its initial version it is just a bunch of regEx and
clever searches (ideally we would expand on projects like our own OWASP
LAPSE Project <https://www.owasp.org/index.php/Category:OWASP_LAPSE_Project>,
but I don't want the guide to be dependent on a tool development).
What I would like to happen is that for each major issue (or 'gotcha')
covered in the Guide, information would be provided on how to detect that in
a semi-automatic way.
I know that there are exceptions (and let's keep the business logic
vulnerabilities out of this one) but most issues should be detectable.
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org