
Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap

Revision as of 17:49, 25 August 2010 by Paulo Coimbra (talk | contribs)

  • A new version of the OWASP Code Review Guide (version 2.0) will be produced by January 2011.
  • Major enhancements:
    • Introduction to be re-written,
    • Approach to code review (risk-based approach) to be re-written and re-designed,
    • Examples by vulnerability and technical control to be expanded and refined,
    • Common numbering nomenclature to be used,
    • Cross-references to the Testing Guide (TG) and ASVS to be added,
    • New sections on tools to be introduced,
    • Technology-specific sections to be expanded,
    • Section on RIA (Rich Internet Applications) to be introduced,
    • Web Services section to be refined,
    • Malware and rootkit sections to be introduced,
    • PCI section to be re-written with more cross-references to other guides.
  • Other ideas:
    • ESAPI section: how to review OWASP ESAPI implementations?
    • Risk-based approach vs. ASVS levels,
    • Threat modeling and triage chapters to be revised,
    • OWASP O2 section on O2 rule definition and development,
    • Crawling code: additional search vectors to be added,
    • Section on Code Crawler: quick-start and configuration guide.