This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Tool Deployment Model

From OWASP
Revision as of 16:57, 9 September 2010 by Thomas Herlea (talk | contribs) (Added navigation to facilitate sequential reading online)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
«««« Main
(Table of Contents) 		»»»»


Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.

This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model

  • Deploy automated tools to developers.
  • Control tool rule base.
  • Security review results and probe a little further.

Testing Department model

  • Test department includes automated review in functional test.
  • Security review results and probe a little further.
  • Tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model

  • All code goes through application security group.
  • Group use manual and automated solutions.


«««« Main
(Table of Contents) 		»»»»
Retrieved from "https://wiki.owasp.org/index.php?title=Tool_Deployment_Model&oldid=89009"