[Owasp-codereview] [Owasp-leaders] Automated Code Review in a distribuited environment
thesp0nge at gmail.com
Tue Mar 31 03:26:58 EDT 2009
2009/3/30 Jeff Williams <jeff.williams at owasp.org>:
> The Top 10 is really not specific enough to be a reasonable benchmark for
> any tool. There is no tool in existence that can search everything covered
> by the T10, and probably never will be. It would be much more interesting
> to see which of the issues specified in the OWASP ASVS
A very little OT.
Jeff, Leaders, List, I'd like to remind you the project I started some
months ago: the Source code flaws Top 10
A very original Owasp Top 10 "little sister", dedicated only to source code.
The idea is not to overlap with the Testing guide but to provide a
bunch (10) of categories to be used when collecting results after a
"stay hungry, stay foolish"
OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"
More information about the Owasp-codereview