[OWASP-TESTING] hows everyone getting on?

Andrew van der Stock vanderaj at greebo.net
Fri Jul 15 13:06:54 EDT 2005

Personally, they should be a shared chapter between the two projects  
as they should be the same. Code reviews are absolutely in scope for  
testing. I believe they are far more valuable than normal security  
testing performed by most projects (such as zero knowledge pen tests  
- a complete WAFTAM).


On 14/07/2005, at 9:03 PM, Eoin Keary wrote:

> If Guide 2.0 is concentrating on code reviews, shall I continue  
> doing a code review document as a splinter of the Testing guide or  
> go back to integrating it as part of the Testing guide?
> My code review doc focuses on:
> .NET and Java Best practice mitigating against the common vulns.  
> providing code examples.
> Code review management and pitfalls in the process.
> How to actually perform a code review.
> Framework issues.
> Eoin
