| 50% REVIEW PROCESS
|
|
Project Deliveries & Objectives
|
OWASP Code Review Guide V1.1 Project's Deliveries & Objectives
|
| QUESTIONS
|
ANSWERS
|
|
1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that haven't been realised.
|
I evaluated the guide from the following perspectives:
1) OWASP writing style: The guide has, I believe, 100% followed the guidelines specified in OWASP for writing guides. The language is lucid and easy to understand. The layout of the book proceeds in a logical manner. There are some spelling issues but those are quite minor.
2) Beta Quality and further: The Beta quality has been thoroughly reached and the guide as an overall package satisfies all criteria for the same. It's also available as a download from the bookstore and has a TOC. There are links to other OWASP Tools and Documentation Projects as and where applicable.
3) Technical Suggestions: From a developer's perspective the examples section for XSS and SQL Injection could probably do with a few more sample codes on how the vulnerabilities can be exploited. Also if the guide could expand on dealing with SDLC vis-a-vis code review for security, it might be more helpful.
4) Objectives Achieved: Even though this is a 50% review and the above points notwithstanding, the guide has been par excellence in achieving its objectives.
|
|
2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.
|
90-95%
|
|
3. Please do use the right hand side column to provide advice and make work suggestions.
|
Overall there is very little new to suggest, as the author has amply displayed his subject matter expertise. :-)
|