[Owasp-leaders] Owasp Source Code Flaws Top 10 Project

Paolo Perego thesp0nge at owasp.org
Mon Dec 15 09:10:36 EST 2008


Hello leaders, I'm really happy to announce a new documentation project I
started today. Our Top 10 most critical web app vulnerabilities is the
de facto standard when trying to summarize findings when you assess a web
application. And it is great.

Looking at source code assessment (or code review, or static analysis, or
whatever name you want to use :-)), nothing like this exists. Gary
McGraw introduced the 7 kingdoms as a taxonomy. I started looking at this
great job, extending it to meet an Owasp Top 10-like template.
I also used categories that I found useful to gather security code review
findings in.

That's why I started this Top 10 project. The goal is to provide something
useful in the Owasp Code Review Guide while trying to organize security issues,
and the second goal is to use it as the Owasp Orizon default library cookbooks
in order to have a "fil rouge" from the Code Review Guide to the implementing
tool. The Source Code Flaws Top 10 will be that fil rouge.

I really hope that everyone interested will subscribe to the mailing list and
contribute to this document, which I'd like to release as a beta-quality
project at the next AppSec Europe 2009 in Cracow.

Link:
http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project
Roadmap:
http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project_Roadmap
Mailing list subscription page:
https://lists.owasp.org/mailman/listinfo/owasp-source-code-flaws-top-10

Regards
thesp0nge
-- 
"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"