Tool Deployment Model


Deploying code review tools to developers improves the throughput of a code review team: the tools identify, and ideally let developers remove, most of the common and simple coding mistakes before a security consultant ever views the code.

This approach improves developer knowledge, and the security consultant can spend their time looking for more abstract vulnerabilities that tools do not find.

Developer adoption model
 * Automated tools are deployed to developers.
 * The security team controls the tool rule base.
 * The security team reviews the results and probes a little further.

Testing department model
 * The test department includes automated review in functional testing.
 * The security team reviews the results and probes a little further.
 * Tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model
 * All code goes through the application security group.
 * The group uses both manual and automated solutions.