[Owasp-board] OWASP code review guide V2.0
Paulo Coimbra
paulo.coimbra at owasp.org
Tue Jul 27 20:35:10 UTC 2010
GPC,
Please see below for your information.
Thanks,
Paulo Coimbra,
<https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
Sent: Tuesday, 27 July 2010 21:37
To: <paulo.coimbra at owasp.org>; Owasp-codereview at lists.owasp.org; OWASP
Foundation Board List; Alessio Marziali; dinis cruz
Subject: OWASP code review guide V2.0
Hi Paulo,
Can you inform the GPC of my intention to produce a new version of the code
review guide by January 2011? This is the same time the testing guide shall
be released.
Major enhancements:
Introduction to be re-written.
Approach to code review (Risk based approach) to be re-written, re-designed.
Examples by Vulnerability and Technical control to be expanded and refined
Common Numbering nomenclature to be used.
Cross reference to TG and ASVS to be done.
New sections on tools to be introduced.
Expand technology specific sections
Section on RIA (Rich Internet applications) to be introduced.
WebServices section to be refined
Malware and rootkit sections to be introduced.
PCI section to be rewritten with more x-reference to other guides.
Other ideas:
ESAPI section: how to review OWASP ESAPI implementations?
Risk based approach Vs ASVS levels
Threat modeling and Triage chapters to be revised
OWASP O2 section on O2 rules definition, development.
Crawling code: Additional search vectors to be added
Section on Code Crawler, quick start & configuration guide
Suggestions, comments, ideas?
--
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author
Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary