
Projects/OWASP Code Review Project/Releases/Code Review Guide V1.1

From OWASP
Revision as of 17:15, 25 August 2010 by Paulo Coimbra



what is this release?
Code Review Guide V1.1 - 4 January 2009
Release Description:

Additional and expanded Chapters:

Transactional analysis
Expanded chapter.
Examples illustrated with diagrams.

Threat Modeling and Analysis
The approach to examining an application to be reviewed.
Focusing on areas of interest.

Example reports and how to write one
How to determine the risk level of a finding.

Automated code review
Code crawler documentation and usage.

Rich Internet Applications
Expanded chapters on Flash and Ajax.

The OWASP ESAPI (Enterprise Security API)
What it is, why to use it, and what to review.

Code review Metrics:
How to compile, use and analyse metrics.
Rolling out metrics in the Enterprise.

Integrating Code review with an existing SDLC
Integration of secure code review with an existing SDLC.
Secure code review roadmap definition.
Documentation requirements.
Scope definition.
SDLC steering committee establishment.
Performance criteria, benchmarks and metrics.
Integration of SDLC results into key IT governance areas.
Critical success factors.

Release License: Creative Commons Attribution Share Alike 3.0
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Stable Release (three green lights) - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.