Difference between revisions of "Tool Deployment Model"
From OWASP
Line 2: | Line 2: | ||
<BR> | <BR> | ||
This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulnerabilities. | This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulnerabilities. | ||
+ | |||
+ | '''Developer adoption model''' | ||
+ | Deploy automated tools to developers | ||
+ | Control tool rule base | ||
+ | Security review results and probe a little further. | ||
+ | |||
+ | '''Testing Department model''' | ||
+ | Test department include automated review in functional test. | ||
+ | Security review results and probe a little further. | ||
+ | |||
+ | '''Application security group model''' | ||
+ | All code goes through application security group | ||
+ | Group use manual and automated solutions | ||
+ | |||
[[Category:OWASP Code Review Project]] | [[Category:OWASP Code Review Project]] |
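Review bot: the items added under each bolded model heading have no list markup or line breaks, so the wiki folds them into one run-on paragraph per heading, for example "Deploy automated tools to developers", "Control tool rule base" and "Security review results and probe a little further." under '''Developer adoption model'''. Prefix each item with * so it renders on its own line. "Security review results and probe a little further." also reads ambiguously in both models where it appears; naming the actor, as in "Security reviews the results", would make the hand-off clear.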
Revision as of 10:05, 26 September 2008
Deploying code review tools to developers improves the throughput of a code review team by identifying, and hopefully removing, most of the common and simple coding mistakes before a security consultant views the code.
This methodology improves developer knowledge, and it also lets the security consultant spend time looking for more abstract vulnerabilities.
Developer adoption model
* Deploy automated tools to developers.
* Control the tool rule base.
* Security reviews the results and probes a little further.
Testing Department model
* The test department includes automated review in functional testing.
* Security reviews the results and probes a little further.
Application security group model
* All code goes through the application security group.
* The group uses manual and automated solutions.