Project Information:template Code Review Project 50 Review Second Review E

Project Deliveries & Objectives

OWASP Code Review Guide V1.1 Project's Deliveries & Objectives

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

1) OWASP writing style: The guide has 100% followed the guidelines specified in OWASP for writing guides. I believe. The language is lucid and easy to understand. The layout of the book proceeds in a logical manner. There are some spelling issues but those are quite minor.
2) Beta Quality and further: The Beta quality has been thoroughly reached and the guide as an overall package satisfies all criteria for the same. Its also available as a download from the bookstore and has a TOC. There are links to other OWASP Tools and Documentation Projects as and where applicable.
3) Technical Suggestions: From a developer's perspective the examples section for XSS and SQL Injection could probably do with a few more sample codes on how the vulnerabilities can be exploited. Also if the guide could expand on dealing with SDLC vis-a-vis code review for security, it might be more helpful.
4) Objectives Achieved: Even though this is a 50% review and the above points notwithstanding, the guide has been par excellence in achieving its objectives.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

3. Please do use the right hand side column to provide advice and make work suggestions.