[OWASP-TESTING] Updated Doc

Mark Curphey mark.curphey at foundstone.com
Wed Mar 17 21:13:12 EST 2004


I think its getting into a good logical flow. Its the sort of doc I would like to read which is always how I try and judge things. Then again I read the Beano (comic) so who knows ;-)
 
I think your code review section is great. My only thought is that it maybe moving towards the How to do a code review rather than describe the process and the advnatges and disadvantages. IMHO I think that a lot of this would be perfect for the Methodoogy for code reviews which logically fits into Part 2. 
 
I guess things I would like to see would be 
 
Do you review line by line or perform code "inspection" ?
Do you check out an entire tree or branches of it etc 
How do you deal with linked libraries that are not part of your app?
 
Are there examples of things that you cant find from static anlaysis ie need runtime ?
 
Just my 2 cents

	-----Original Message----- 
	From: Calderon, Juan Carlos (GE Commercial Finance, NonGE) [mailto:juan.calderon at ge.com] 
	Sent: Wed 3/17/2004 7:10 PM 
	To: owasp-testing at lists.sourceforge.net 
	Cc: 
	Subject: RE: [OWASP-TESTING] Updated Doc
	
	



More information about the Owasp-testing mailing list