Difference between revisions of "Tool Deployment Model"
From OWASP
Change in this revision (Line 3):
− This methodology improves developer knowledge and
+ This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.
Revision as of 10:53, 11 February 2009
OWASP Code Review Guide Table of Contents
Deploying automated code review tools to developers improves the throughput of a code review team: the tools identify, and the developers remove, most of the common and simple coding mistakes before a security consultant ever looks at the code.
This approach also improves developer knowledge of secure coding, and it frees the security consultant to spend time looking for the more abstract vulnerabilities that automated tools do not find.
Developer adoption model
- Deploy automated tools to developers, who run them on their own code.
- The security team controls the tool rule base.
- The security team reviews the tool results and probes a little further where they indicate a problem.
Testing department model
- The test department includes automated review as part of functional testing.
- The security team reviews the tool results and probes a little further where they indicate a problem.
- The tool rule base is controlled by the security department and complies with internal secure application development policies.
Application security group model
- All code goes through the application security group.
- The group uses both manual and automated review.