This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Tool Deployment Model

From OWASP

Revision as of 21:49, 15 January 2009 by KirstenS (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.

This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model

Deploy automated tools to developers
Control tool rule base
Security review results and probe a little further.

Testing Department model

Test department includes automated review in functional test.
Security review results and probe a little further.
Tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model

All code goes through application security group
Group use manual and automated solutions

Retrieved from "https://wiki.owasp.org/index.php?title=Tool_Deployment_Model&oldid=51307"

OWASP Code Review Project