[GPC] OWASP code review guide V2.0

Paulo Coimbra paulo.coimbra at owasp.org
Tue Jul 27 16:35:10 EDT 2010
Please see below for your information.
Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
Sent: Tuesday, 27 July 2010 21:37
To: <paulo.coimbra at owasp.org>; Owasp-codereview at lists.owasp.org; OWASP
Foundation Board List; Alessio Marziali; dinis cruz
Subject: OWASP code review guide V2.0


Hi Paulo,

can you inform the GPC of my intention to produce a new version of the code
review guide by January 2011. This is the same time the testing guide shall
be released.

Major enhancements:
Introduction to be re-written.

Approach to code review (risk-based approach) to be re-written, redesigned.

Examples by Vulnerability and Technical control to be expanded and refined

Common Numbering nomenclature to be used.

Cross reference to TG and ASVS to be done.

New sections on tools to be introduced.

Expand technology specific sections

Section on RIA (Rich Internet applications) to be introduced.

WebServices section to be refined

Malware and rootkit sections to be introduced.

PCI section to be rewritten with more x-reference to other guides.


Other ideas:
ESAPI section: how to review OWASP ESAPI implementations?

Risk based approach Vs ASVS levels

Threat modeling and Triage chapters to be revised

OWASP O2 section on O2 rules definition, development.

Crawling code: Additional search vectors to be added

Section on Code Crawler, quick start & configuration guide


Suggestions, comments, ideas?

Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
