File:2015-02-24-Jim DelGrosso-OWASP Belgium, Why Code Reviews and Pen-Tests Are Not Enough.pdf
Why Code Reviews and Pen-Tests Are Not Enough (by Jim DelGrosso, Cigital)
Code reviews and penetration tests are excellent techniques for finding defects in software. But there is a whole class of defects that they are not good at finding - flaws. Jim will briefly talk about the differences between bugs and flaws, will describe a technique to help identify flaws, and talk about the work being done as part of the IEEE Center for Secure Design to help people avoid common flaws.
File history
| | Date/Time | Dimensions | User | Comment |
|---|---|---|---|---|
| current | 10:35, 25 February 2015 | (3.41 MB) | LievenDesmet | Why Code Reviews and Pen-Tests Are Not Enough (by Jim DelGrosso, Cigital) Code reviews and penetration tests are excellent techniques for finding defects in software. But there is a whole class of defects that they are not good at finding - flaws. Jim... |