Difference between revisions of "Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap"
(Created page with '*'''Major enhancements''': **Introduction to be re-written, **Approach to code review (Risk based approach)to be re-written, re designed, **Examples by Vulnerability and Technica…') |
|||
Line 1: | Line 1: | ||
+ | *'''A new version of the OWASP Code Review Guide (version 2.0) will be produced by January 2011.''' | ||
+ | |||
*'''Major enhancements''': | *'''Major enhancements''': | ||
**Introduction to be re-written, | **Introduction to be re-written, |
Latest revision as of 17:49, 25 August 2010
- A new version of the OWASP Code Review Guide (version 2.0) will be produced by January 2011.
- Major enhancements:
  - Introduction to be rewritten,
  - Approach to code review (risk-based approach) to be rewritten and redesigned,
  - Examples by vulnerability and technical control to be expanded and refined,
  - Common numbering nomenclature to be used,
  - Cross-reference to TG and ASVS to be done,
  - New sections on tools to be introduced,
  - Technology-specific sections to be expanded,
  - Section on RIA (Rich Internet Applications) to be introduced,
  - Web services section to be refined,
  - Malware and rootkit sections to be introduced,
  - PCI section to be rewritten with more cross-references to other guides.
- Other ideas:
  - ESAPI section: how to review OWASP ESAPI implementations?
  - Risk-based approach vs. ASVS levels,
  - Threat modeling and triage chapters to be revised,
  - OWASP O2 section on O2 rules definition and development,
  - Crawling code: additional search vectors to be added,
  - Section on Code Crawler: quick start and configuration guide.