[OWASP-TESTING] how's everyone getting on?

Andrew van der Stock vanderaj at greebo.net
Fri Jul 15 13:06:54 EDT 2005


Personally, they should be a shared chapter between the two projects  
as they should be the same. Code reviews are absolutely in scope for  
testing. I believe they are far more valuable than normal security  
testing performed by most projects (such as zero knowledge pen tests  
- a complete WAFTAM).

Andrew

On 14/07/2005, at 9:03 PM, Eoin Keary wrote:

>
> If Guide 2.0 is concentrating on code reviews, shall I continue  
> doing a code review document as a splinter of the Testing guide or  
> go back to integrating it as part of the Testing guide?
>
> My code review doc focuses on:
>
> .NET and Java Best practice mitigating against the common vulns.  
> providing code examples.
> Code review management and pitfalls in the process.
> How to actually perform a code review.
> Framework issues.
>
> Eoin
>
