[OWASP-TESTING] Updated Doc
mark.curphey at foundstone.com
Wed Mar 17 21:13:12 EST 2004
I think it's getting into a good logical flow. It's the sort of doc I would like to read which is always how I try and judge things. Then again I read the Beano (comic) so who knows ;-)
I think your code review section is great. My only thought is that it may be moving towards the How to do a code review rather than describe the process and the advantages and disadvantages. IMHO I think that a lot of this would be perfect for the Methodology for code reviews which logically fits into Part 2.
I guess things I would like to see would be
Do you review line by line or perform code "inspection"?
Do you check out an entire tree or branches of it etc.?
How do you deal with linked libraries that are not part of your app?
Are there examples of things that you can't find from static analysis, i.e. need runtime?
Just my 2 cents
From: Calderon, Juan Carlos (GE Commercial Finance, NonGE) [mailto:juan.calderon at ge.com]
Sent: Wed 3/17/2004 7:10 PM
To: owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] Updated Doc