Preface

From OWASP
Revision as of 03:58, 9 January 2007 by EoinKeary (Talk | contribs)

Jump to: navigation, search

OWASP Code Review Guide Table of Contents

While manual code reviews can find security flaws in code, they suffer from two problems. Manual code reviews are slow, covering 100-200 lines per hour on average. Also, there are hundreds of security flaws to look for in code, while humans can only keep about seven items in memory at once. Source code analysis tools can search a program for hundreds of different security flaws at once at a rate far greater than any human can review code. However, these tools don't eliminate the need for a human reviewer, as they produce both false positive and false negative results.