Difference between revisions of "Projects/OWASP Code Review Project/Releases/Code Review Guide V1.1"

From OWASP
 
Line 9: Line 9:
 
| release_description = <br>
 
| release_description = <br>
  
Additional and expanded Chapters:<br>
+
This release is an expanded and improved version of the former OWASP Code Review Guide’s RC 2.0 version which contains the following additional and expanded chapters: Transactional Analysis, Threat Modelling and Analysis, Example reports and how to write one, Automated code review, Rich Internet Applications, The OWASP ESAPI, Code review Metrics, Integrating Code review with an existing SDLC.
 
+
'''Transactional analysis'''<br>
+
Expand chapter.<br>
+
Examples via diagrams.<br>
+
+
'''Threat Modeling and Analysis'''<br>
+
The approach to examining an application to be reviewed.<br>
+
Focusing on areas of interest.<br>
+
 
+
'''Example reports and how to write one'''<br>
+
How to determine the risk level of a finding.<br>
+
 
+
'''Automated code review''' <br>
+
Code crawler documentation and usage.<br>
+
 
+
'''Rich Internet Applications'''<br>
+
Expanded chapters on Flash, Ajax.<br>
+
 
+
'''The OWASP ESAPI (Enterprise Security API)'''<br>
+
What it is, Why use it. What to review.<br>
+
 
+
'''Code review Metrics:'''<br>
+
How to compile, use and analyse metrics.<br>
+
Rolling out metrics in the Enterprise.<br>
+
 
+
'''Integrating Code review with an existing SDLC'''
+
Integration of Secure Code review with an existing SDLC.<br>
+
Secure Code review roadmap definition.<br>
+
Documentation requirements.<br>
+
Scope definition.<br>
+
SDLC steering comittee establishment.<br>
+
Performace criteria, benchmarks and metrics.<br>
+
Integration of SDLC results into key IT governance areas.<br>
+
Critical success factors.<br>
+
  
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
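Review bot: the added chapter list carries two spelling errors that will appear verbatim on the rendered release page: "SDLC steering comittee establishment" should read "committee", and "Performace criteria, benchmarks and metrics" should read "Performance". The summary paragraph also spells it "Threat Modelling" while the heading further down reads "Threat Modeling"; one form should be used throughout. The "Transactional analysis" entry still reads "Expand chapter." and "Examples via diagrams.", which look like editing notes to the authors rather than a description of what the chapter now covers, so it should be reworded in the same style as the other entries before this goes live.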

Latest revision as of 12:46, 25 August 2010


what is this release?
Code Review Guide V1.1 - 4 January 2009 - (download)
Release Description:

This release is an expanded and improved version of the former OWASP Code Review Guide RC 2.0 and contains the following additional and expanded chapters: Transactional Analysis, Threat Modelling and Analysis, Example reports and how to write one, Automated code review, Rich Internet Applications, The OWASP ESAPI, Code review Metrics, and Integrating Code review with an existing SDLC.

Release License: Creative Commons Attribution Share Alike 3.0
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Stable Release - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.