[Owasp-singapore] [Fwd: [Owasp-leaders] Owasp Source Code Flaws Top 10 Project]
Wong Onn Chee
ocwong at usa.net
Tue Dec 16 01:36:25 EST 2008
-------- Original Message --------
Subject: [Owasp-leaders] Owasp Source Code Flaws Top 10 Project
Date: Mon, 15 Dec 2008 15:10:36 +0100
From: Paolo Perego <thesp0nge at owasp.org>
Reply-To: owasp-leaders at lists.owasp.org
To: Owasp leaders <owasp-leaders at lists.owasp.org>
Hello leaders, I'm really happy to announce a new documentation project
I started today. Our Top 10 most critical web app vulnerabilities is the
de facto standard when trying to summarize findings when you assess a
web application. And it is great.

Looking at source code assessment (or code review, or static analysis,
or whatever name you want to use :-)), nothing like this exists.
Gary McGraw introduced the 7 kingdoms as a taxonomy. I started looking at
this great job, extending it to meet an OWASP Top 10-like template.
I also used categories that I found useful to gather security code
review findings in.

That's why I started this Top 10 project. The goal is to provide
something useful in the OWASP Code Review Guide while trying to organize
security issues, and the second goal is to use it as the OWASP Orizon default
library cookbooks in order to have a "fil rouge" from the Code Review Guide
and the implementing tool. The Source code flaws Top 10 will be that fil

I really hope that everyone interested will subscribe to the mailing list
and give some contributions to this document I'd like to release as a beta
quality project at the next AppSec Europe 2009 in Cracow.
"stay hungry, stay foolish"
OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"