Difference between revisions of "Tool Deployment Model"

From OWASP
Revision as of 05:54, 11 February 2009

OWASP Code Review Guide Table of Contents

Deploying code review tools to developers improves the throughput of a code review team: the tools identify, and ideally remove, most of the common and simple coding mistakes before a security consultant views the code.

This approach also improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model

  • Deploy automated tools to developers.
  • Retain control of the tool rule base.
  • Security reviews the results and probes a little further.

Testing Department model

  • The test department includes automated review in functional testing.
  • Security reviews the results and probes a little further.
  • The tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model

  • All code goes through the application security group.
  • The group uses manual and automated solutions.
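The following is an added illustration (not OWASP's code, and not any particular review tool) of the two controls the developer adoption and testing department models share: the rule base stays under the security group's control, and findings still reach a security reviewer. It assumes a rule base distributed as JSON with a published digest; the rules, the rule ids and the sample source file are all constructed for this example.

```python
"""Developer-side runner for a centrally controlled rule base (illustrative).

The security group publishes the rule base together with its SHA-256 digest.
The runner refuses to execute with a rule base whose digest does not match, so
a developer cannot quietly disable rules, and escalates designated findings to
security review instead of letting the developer close them alone.
All rules, ids and sample code below are constructed for this example.
"""
import hashlib
import json
import re
from dataclasses import dataclass

# Rule base as the security group would publish it (constructed example).
# "escalate" marks findings that must go to a security reviewer.
RULEBASE_TEXT = json.dumps([
    {"id": "EX-001", "pattern": r"\beval\s*\(",
     "severity": "high", "escalate": True},
    {"id": "EX-002", "pattern": r"password\s*=\s*['\"][^'\"]+['\"]",
     "severity": "high", "escalate": True},
    {"id": "EX-003", "pattern": r"\bprint\s*\(.*(secret|token)",
     "severity": "medium", "escalate": False},
], sort_keys=True)

# Digest the security group distributes alongside the rule base (assumed
# to be obtained out of band, e.g. from the security team's own repository).
PINNED_DIGEST = hashlib.sha256(RULEBASE_TEXT.encode()).hexdigest()


@dataclass
class Finding:
    rule_id: str
    line_no: int
    severity: str
    escalate: bool


def load_rulebase(text: str, pinned_digest: str) -> list:
    """Parse the rule base, refusing any copy whose digest is not the pinned one."""
    actual = hashlib.sha256(text.encode()).hexdigest()
    if actual != pinned_digest:
        raise ValueError("rule base digest mismatch; refusing to run with modified rules")
    rules = json.loads(text)
    for rule in rules:
        rule["regex"] = re.compile(rule["pattern"], re.IGNORECASE)
    return rules


def scan(source: str, rules: list) -> list:
    """Run every rule over every line and collect findings in source order."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule in rules:
            if rule["regex"].search(line):
                findings.append(Finding(rule["id"], line_no,
                                        rule["severity"], rule["escalate"]))
    return findings


def triage(findings: list) -> tuple:
    """Split findings into developer-fixable ones and ones routed to security review."""
    for_developer = [f for f in findings if not f.escalate]
    for_security = [f for f in findings if f.escalate]
    return for_developer, for_security


# Constructed sample source with three deliberate hits.
SAMPLE_SOURCE = """\
import os
password = "hunter2"
result = eval(user_input)
print("token is", token)
"""

if __name__ == "__main__":
    rules = load_rulebase(RULEBASE_TEXT, PINNED_DIGEST)
    dev, sec = triage(scan(SAMPLE_SOURCE, rules))
    print("developer may close:", [f.rule_id for f in dev])
    print("sent to security review:", [f.rule_id for f in sec])
```

Pinning the digest is what makes "control tool rule base" enforceable in practice: the tool runs on the developer's machine, but a locally edited or trimmed rule set is rejected before any scan happens, and the escalation flag keeps the "security reviews the results and probes a little further" step in the loop.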