This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Code Review Guide History"
(Added navigation to facilitate sequential reading online) |
|||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{LinkBar | |
| + | | useprev=PrevLink | prev=OCRG1.1:About The Open Web Application Security Project | lblprev=About The Open Web Application Security Project | ||
| + | | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents | ||
| + | | usenext=NextLink | next=Code Review Introduction | lblnext=Introduction | ||
| + | }} | ||
| − | The Code Review guide is the result of initially contributing and leading the Testing Guide. | + | The Code Review guide is the result of initially contributing and leading the Testing Guide. Initially, it was thought to place Code review and testing into the same guide; it seemed like a good idea at the time. But the topic called security code review got too big and evolved into its own stand-alone guide. |
| − | Initially it was thought to place Code review and testing into the same guide | ||
| + | The Code Review guide was started in 2006. The Code Review team consists of a small, but talented, group of volunteers who should really get out more often. | ||
| − | The code review | + | The team noticed that organizations with a proper code review functions integrated into the software development lifecycle (SDLC) produced remarkably better code from a security standpoint. This observation has borne out in practice, as many security vulnerabilities are easier to find in the code than by using other techniques. |
| − | + | By necessity, this guide does not cover all languages; it mainly focuses on .NET and Java, but has a little C/C++ and PHP thrown in also. However, the techniques advocated in the book can be easily adapted to almost any code environment. Fortunately, the security flaws in web applications are remarkably consistent across programming languages. | |
| − | + | {{LinkBar | |
| − | + | | useprev=PrevLink | prev=OCRG1.1:About The Open Web Application Security Project | lblprev=About The Open Web Application Security Project | |
| − | The | + | | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents |
| − | + | | usenext=NextLink | next=Code Review Introduction | lblnext=Introduction | |
| − | + | }} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 14:26, 9 September 2010
The Code Review guide is the result of initially contributing and leading the Testing Guide. Initially, it was thought to place Code review and testing into the same guide; it seemed like a good idea at the time. But the topic called security code review got too big and evolved into its own stand-alone guide.
The Code Review guide was started in 2006. The Code Review team consists of a small, but talented, group of volunteers who should really get out more often.
The team noticed that organizations with a proper code review functions integrated into the software development lifecycle (SDLC) produced remarkably better code from a security standpoint. This observation has borne out in practice, as many security vulnerabilities are easier to find in the code than by using other techniques.
By necessity, this guide does not cover all languages; it mainly focuses on .NET and Java, but has a little C/C++ and PHP thrown in also. However, the techniques advocated in the book can be easily adapted to almost any code environment. Fortunately, the security flaws in web applications are remarkably consistent across programming languages.
