[OWASP-TESTING] updated: Code Review Section for Testing guide (Draft)

Calderon, Juan Carlos (GE Commercial Finance, NonGE) juan.calderon at ge.com
Sat Mar 27 15:26:16 EST 2004


Hi all

I'm sending my part of the OWASP testing guide, updated.  I've re-read OWASP guide and the initial and final Drafts Mark sent us and I found I was wrong in some points. I sould say I was not happy with my first draft but now I've changed some things for a "positive" point of view and taking away the "how" it's taking better shape. I could not work on some parts like advantages and deliverables part, oh well.

Thanks to Mark, Jeff and Javier for your feedback on last draft sent, it was on great help.

Additionally I have some thoughts

Mark, I think you omitted regulations in the first section of your "A Typical SDLC Testing Workflow" graphic.

Also I don't know if "OWASP guide" the one to mitigate OWASP Top Ten (and more than that) and OWASP Testing guide, won't be confused. Don't know if I'm "crossing the line" saying this, IMHO probably OWASP Guide should change it's name to something more descriptive, too late perhaps?.

Well, that's it

Later,
JC

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Security Code Review testing guide (Part 1).doc
Type: application/msword
Size: 31744 bytes
Desc: Security Code Review testing guide (Part 1).doc
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040327/0dc0eaf7/attachment.doc 


More information about the Owasp-testing mailing list