Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap
Revision as of 12:49, 25 August 2010 by Paulo Coimbra
- A new version of the OWASP Code Review Guide (version 2.0) will be produced by January 2011.
- Major enhancements:
- Introduction to be re-written,
- Approach to code review (Risk based approach)to be re-written, re designed,
- Examples by Vulnerability and Technical control to be expanded and refined,
- Common Numbering nomenclature to be used,
- Cross reference to TG and ASVS to be done,
- New sections on tools to be introduced,
- Expand technology specific sections,
- Section on RIA (Rich Internet applications) to be introduced,
- WebServices section to be refined,
- Malware and rootkit sections to be introduced,
- PCI section to be rewritten with more x-reference to other guides.
- Other ideas:
- ESAPI section: how to review OWASP ESAPI implementations?
- Risk based approach Vs ASVS levels,
- Threat modeling and Triage chapters to be revised,
- OWASP O2 section on O2 rules definition, development,
- Crawling code: Additional search vectors to be added,
- Section on Code Crawler, quick start & configuration guide.