[Owasp-leaders] OWASP Security Code Review Guide v1.1

Kate Hartmann kate.hartmann at owasp.org
Mon Mar 30 13:22:20 EDT 2009

OWASP Releases World's First Security Code Review Guide for Free

The OWASP Foundation, March 30, 2009 - The Open Web Application Security
Project (OWASP) today announced the official release of the free OWASP
<http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project> Security
Code Review Guide v1.1. The Code Review Guide provides details on how to
review code for all sorts of application vulnerabilities. Together with the
OWASP Security <http://www.owasp.org/index.php/Developer%20Guide>  Developer
Guide and OWASP <http://www.owasp.org/index.php/Testing%20Guide>  Security
Testing Guide, OWASP has created a powerful suite of books that covers most
of what people need to know about application security. The 216 page book
can be downloaded from the OWASP website or a bound copy can be ordered for
the cost of printing.

The Code Review Project is led by long time OWASP participant Eoin Keary
from Dublin, Ireland. Like all OWASP projects, the work is performed by
Eoin's team in a free and open manner, and coordinated via the OWASP wiki
and project mailing list. Everyone is welcome to download the guide and
benefit from OWASP's research. You can also join the project and contribute
to making the guide even better.

"Despite the many claims that code review is too expensive or time
consuming, there is no question that it is the fastest and most accurate way
to find and diagnose many security problems. There are also dozens of
serious security problems that simply can't be found any other way." said
OWASP Chair Jeff Williams. "Still, code review is no panacea. Static tools,
dynamic tools, and manual testing all have an important role to play in
verifying the security of an application." 

There is overwhelming evidence that the vast majority of web applications
contain security holes that are increasingly putting people and
organizations at serious risk. Our Code Review Guide is one part of OWASP's
strategy to make application security visible and enable the market to
support the development of secure application software.

OWASP is a free and open community that focuses on improving application
security. Join the thousands of organizations that are using OWASP guidance
to run a responsible application security program. Anyone can join our
community and use our free tools and documents, attend our free conferences
and local chapter meetings, and join projects to make the world's software
safe for the Internet.

About OWASP -The Open Web Application Security Project (OWASP) is an open
community dedicated to enabling organizations to develop, purchase, and
maintain applications that can be trusted. All of the OWASP tools,
documents, forums, and chapters are free and open to anyone interested in
improving application security. We advocate approaching application security
as a people, process, and technology problem because the most effective
approaches to application security include improvements in all of these
areas. We can be found at http://www.owasp.org <http://www.owasp.org/> .

Contact: owasp at owasp.org 



Kate Hartmann

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD  21046



kate.hartmann at owasp.org

Skype:  kate.hartmann1 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090330/8c634093/attachment.html 

More information about the OWASP-Leaders mailing list