Difference between revisions of "Project Information:template Source Code Flaws Top 10 Project"
Revision as of 09:43, 15 December 2008
PROJECT IDENTIFICATION

| Field | Value |
|---|---|
| Project Name | OWASP Source Code Flaws Top 10 Project |
| Short Project Description | This project is about giving a taxonomy to describe the categories of the most dangerous security flaws you can find during a code review. For dynamic code review (web-based application ethical hacking) the original OWASP Top 10 is the must-have on each desk, in order to manage all the findings during the reporting phase. With the Source Code Flaws Top 10, you will have the same document but focused on source code. I started from the venerable Gary McGraw's work about the "seven kingdoms", trying to extend it to match the Top 10 schema and to include some ideas that came to me during code reviews or static analysis. This project's delivery will be a document very similar in outline to the OWASP Top 10 most critical vulnerabilities in web applications. This taxonomy will be used in the official OWASP Guide for static analysis, the Code Review Guide led by Eoin Keary, and it will be used as the cookbook list for the OWASP Orizon static analysis engine default library. |
| Key Project Information: Licensed under | Choose here & replace link with license name |
| Project Leader | Paolo Perego |
| Project Contributors | Name |
| Mailing List | Subscribe here / Use here |
| First Reviewer | Name |
| Second Reviewer | Name |
| OWASP Board Member (if applicable) | Name |
PROJECT MAIN LINKS

(none listed)

RELATED PROJECTS

(none listed)

SPONSORS & GUIDELINES

| Sponsor | Guidelines |
|---|---|
| Sponsor name, if applicable | Roadmap |
ASSESSMENT AND REVIEW PROCESS

| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) | First Reviewer (applicable for Alpha Quality & further) | Second Reviewer (applicable for Beta Quality & further) | OWASP Board Member (applicable just for Release Quality) |
|---|---|---|---|---|
| First Review | Objectives & Deliveries reached? Not yet (To update); Which status has been reached? Alpha Status (To update); See/Edit: First Review/SelfEvaluation (A) | Objectives & Deliveries reached? Not yet (To update); Which status has been reached? Alpha Status (To update); See/Edit: First Review/1st Reviewer (B) | Objectives & Deliveries reached? Yes/No (To update); Which status has been reached? Alpha Status (To update); See/Edit: First Review/2nd Reviewer (C) | Objectives & Deliveries reached? Yes/No (To update); Which status has been reached? Alpha Status (To update); See/Edit: First Review/Board Member (D) |