Code Review Guide History
The Code Review Guide grew out of contributions to the Testing Guide. Initially it was thought that code review and testing could be covered in the same guide, but the code review material grew too large and evolved into its own stand-alone guide.
The Code Review Guide was started by [User:Eoin Keary] and is currently in its infancy. Eoin was lead of an application security group for a large financial institution and was involved with the code review process for many years. It was found that a proper code review function, integrated into the software development lifecycle (SDLC), produced remarkably better code from a security standpoint.
"Secure code review is the sign of a mature SDLC and in my view much more sustainable and controllable than the pen and patch model"