[Owasp-board] OWASP code review guide V2.0

Eoin eoin.keary at owasp.org
Tue Jul 27 20:36:47 UTC 2010


Hi Paulo,
can you inform the GPC of my intention to produce a new version of the code
review guide by January 2011. This is the same time the testing guide shall
be released.
*Major enhancements:*

Introduction to be re-written.
Approach to code review (Risk based approach) to be re-written, re-designed.
Examples by Vulnerability and Technical control to be expanded and refined
Common Numbering nomenclature to be used.
Cross reference to TG and ASVS to be done.
New sections on tools to be introduced.
Expand technology specific sections
Section on RIA (Rich Internet applications) to be introduced.
WebServices section to be refined
Malware and rootkit sections to be introduced.
PCI section to be rewritten with more x-reference to other guides.

*Other ideas:*

ESAPI section: how to review OWASP ESAPI implementations?
Risk based approach vs ASVS levels
Threat modeling and Triage chapters to be revised
OWASP O2 section on O2 rules definition, development.
Crawling code: Additional search vectors to be added
Section on Code Crawler, quick start & configuration guide

Suggestions, comments, ideas?


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
