This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI Assurance

From OWASP

Revision as of 14:42, 11 December 2008 by SteveChristey (talk | contribs) (→‎Building an Assurance Case for ESAPI)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Building an Assurance Case for ESAPI

consider adopting software facts label

 http://swaconsortium.org/projects/softwareFacts/softwareFacts.html

identify third-party software

discuss coding practices that were followed, skill levels of developers, amount of independent review

publish scanning tool results

links to DHS web sites and documents

Coding Practices

was OWASP Top Ten followed?

how was performance and security balanced?

what is the level of training of the developers? amount of experience in web development?

were tools part of the whole process or run at the end?

how was code repository prevented from unauthorized alterations?

practices for code check-in and independent review - how is introduction of Trojans avoided?

Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_Assurance&oldid=48371"