Tool Deployment Model
From OWASP
Revision as of 21:49, 15 January 2009
Deploying code review tools to developers improves the throughput of a code review team: the tools identify, and ideally the developers remove, most of the common and simple coding mistakes before a security consultant ever views the code.
This approach improves developer knowledge, and it frees the security consultant to spend time looking for the more abstract vulnerabilities that automated tools do not find.
Developer adoption model
* Deploy automated tools to developers.
* Control the tool rule base.
* Security reviews the results and probes a little further.

Testing Department model
* The test department includes automated review in functional testing.
* Security reviews the results and probes a little further.
* The tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model
* All code goes through the application security group.
* The group uses manual and automated solutions.