[OWASP-TESTING] how's everyone getting on?
Andrew van der Stock
vanderaj at greebo.net
Fri Jul 15 13:06:54 EDT 2005
Personally, they should be a shared chapter between the two projects
as they should be the same. Code reviews are absolutely in scope for
testing. I believe they are far more valuable than normal security
testing performed by most projects (such as zero knowledge pen tests
- a complete WAFTAM).
On 14/07/2005, at 9:03 PM, Eoin Keary wrote:
> If Guide 2.0 is concentrating on code reviews, shall I continue
> doing a code review document as a splinter of the Testing guide or
> go back to integrating it as part of the Testing guide?
> My code review doc focuses on:
> .NET and Java Best practice mitigating against the common vulns.
> providing code examples.
> Code review management and pitfalls in the process.
> How to actually perform a code review.
> Framework issues.