Difference between revisions of "Tool Deployment Model"

From OWASP
Jump to: navigation, search
 
m (Added navigation to facilitate sequential reading online)
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.
+
{{LinkBar
<BR>
+
  | useprev=PrevLink | prev=Automated Code Review | lblprev=
This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulerabilities.
+
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Auditor Workbench Tool | lblnext=
 +
}}
 +
__TOC__
 +
 
 +
Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.  
 +
 
 +
This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.  
 +
 
 +
'''Developer adoption model'''
 +
* Deploy automated tools to developers.
 +
* Control tool rule base.
 +
* Security review results and probe a little further.
 +
 
 +
'''Testing Department model'''
 +
* Test department includes automated review in functional test.
 +
* Security review results and probe a little further.
 +
* Tool rule base is controlled by the security department and complies with internal secure application development policies.
 +
 
 +
'''Application security group model'''
 +
* All code goes through application security group.
 +
* Group use manual and automated solutions.
 +
 
 +
{{LinkBar
 +
  | useprev=PrevLink | prev=Automated Code Review | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Auditor Workbench Tool | lblnext=
 +
}}
 +
 
 +
[[Category:OWASP Code Review Project]]

Latest revision as of 11:57, 9 September 2010

«««« Main
(Table of Contents)
»»»»


Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.

This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model

  • Deploy automated tools to developers.
  • Control tool rule base.
  • Security review results and probe a little further.

Testing Department model

  • Test department includes automated review in functional test.
  • Security review results and probe a little further.
  • Tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model

  • All code goes through application security group.
  • Group use manual and automated solutions.


«««« Main
(Table of Contents)
»»»»