Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap

Revision as of 11:32, 25 August 2010 by Paulo Coimbra (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  • Major enhancements:
    • Introduction to be re-written,
    • Approach to code review (Risk based approach)to be re-written, re designed,
    • Examples by Vulnerability and Technical control to be expanded and refined,
    • Common Numbering nomenclature to be used,
    • Cross reference to TG and ASVS to be done,
    • New sections on tools to be introduced,
    • Expand technology specific sections,
    • Section on RIA (Rich Internet applications) to be introduced,
    • WebServices section to be refined,
    • Malware and rootkit sections to be introduced,
    • PCI section to be rewritten with more x-reference to other guides.
  • Other ideas:
    • ESAPI section: how to review OWASP ESAPI implementations?
    • Risk based approach Vs ASVS levels,
    • Threat modeling and Triage chapters to be revised,
    • OWASP O2 section on O2 rules definition, development,
    • Crawling code: Additional search vectors to be added,
    • Section on Code Crawler, quick start & configuration guide.