Difference between revisions of "Code Review and Static Analysis with tools"

From OWASP
Revision as of 09:34, 17 March 2009

Chapter: OWASP NoVA >> Knowledge

Code Review and Static Analysis with tools

This article will answer the following questions about secure code review and use of static analysis tools:

  1. What are static analysis tools and how do I use them?
  2. How do I select a static analysis tool?
  3. How do I customize a static analysis tool?
  4. How do I scale my assessment practices with secure code review?

Organizational

How do I scale my assessment practices with secure code review?

Implementing a static analysis tool goes a long way toward providing a force multiplier for organizations. The following presentation lays out a comprehensive set of steps organizations can take to adopt such tools successfully: who should adopt the tool, what steps they should take, whom they should involve, and how long the adoption will take and how much it will cost.
Implementing a Static Analysis Tool.ppt
For those with existing assessment practices involving secure code review (whether or not those practices leverage tools) the question often becomes, "I can review an application, but how do I scale the practice to my entire organization without astronomic cost?" The following presentation addresses this question: Maturing Assessment Through Static Analysis