This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Code Review Guide History"

From OWASP
Jump to: navigation, search
Line 18: Line 18:
 
Good Luck,
 
Good Luck,
  
Slan,
+
Slán,
 
Eoin
 
Eoin

Revision as of 11:24, 3 August 2008

OWASP Code Review Guide Table of Contents

The Code Review guide is the result of initially contributing and leading the Testing Guide. Initially it was thought to place Code review and testing into the same guide, seemed like a good idea at the time. But the topic called secure code review got too big and evolved into its own stand alone guide.


The code review guide was started in 2006. The code review team consists of a small but talented group of volunteers who should really get out more often.

It was found that a proper code review function which is integrated into the software development process /Lifecycle (SDLC) produced remarkably better code from a security standpoint. It is also cheaper and looking at the "Security @ source" industry it seems that the trend in application security is heading in this direction.

"Secure code review is the sign of a mature SDLC and in our view much more sustainable and controllable than the pen and patch model"

The guide does not cover all languages; it mainly focuses on .NET and Java but has a little C/C++ and PHP thrown in also. To write a guide that covers all languages would take too long and be too big.

Hope you find this guide useful and a decent reference document if you ever have to perform secure code review.

Good Luck,

Slán, Eoin