[Owasp-codereview] Code Review Guide: Update
eoin.keary at owasp.org
Thu May 29 05:30:13 EDT 2008
This is great news, as it is the right place for Orizon documentation. Think
of the code review guide as a supporting book for the Orizon tool. This is
something other tools don't have: a complete guide discussing the theory and
practical aspects of code review, and also a guide on how to use the Orizon
It's a perfect interconnect between an OWASP tool and one of the trinity of
Can you update the wiki as you go so we can all see the progress and
On 29/05/2008, Paolo Perego <thesp0nge at gmail.com> wrote:
> 2008/5/28 Eoin <eoin.keary at owasp.org>:
> > Hello my fellow security colleagues :)
> > May I ask that anyone who is contributing to the OWASP Code review
> > please start updating the wiki with their work :)
> > This shall help in reviewing the work and brainstorming.
> Hi Eoin and Hi everybody.
> As one of my Spoc 2008 goals is to improve Owasp Orizon documentation,
> I take the "The Owasp Orizon Framework" section in the "Automating
> Code Reviews" chapter.
> In my opinion in our guide we need to define a sort of "top 10" or
> "top 5" or "top something" vulnerabilities in order to give people
> performing a code review some metrics in order to perform their
> Let me explain further. When I perform an Ethical Hacking I prepare a
> report to my customer saying "hey, you missed Owasp Top 10 point 1, 4
> and 5. Your application and your application server are prone to this
> vuln and this one. Do something".
> It would be great having a group of source code vulnerability
> categories (language independent) in order to give people the
> opportunity to make code review reports saying "hey, your code is
> missing Owasp CR Guide point 1.1 (Input Validation -> filter input in
> Servlet doGet() method)".
> Maybe I'll try to create over the wiki a sort of our TOP 10 and we
> can make some brainstorming about this.
> What about this?
> Ciao ciao
> Paolo Perego <thesp0nge at owasp.org>, Owasp Orizon Project leader
Eoin Keary OWASP - Ireland