Difference between revisions of "Tool Deployment Model"

From OWASP
m (Added navigation to facilitate sequential reading online)
 
(5 intermediate revisions by one user not shown)
Line 1: Line 1:
Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.
+
{{LinkBar
<BR>
+
  | useprev=PrevLink | prev=Automated Code Review | lblprev=
This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulnerabilities.
+
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Auditor Workbench Tool | lblnext=
 +
}}
 +
__TOC__
 +
 
 +
Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.  
 +
 
 +
This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.  
  
 
'''Developer adoption model'''
 
'''Developer adoption model'''
Deploy automated tools to developers
+
* Deploy automated tools to developers.
Control tool rule base
+
* Control tool rule base.
Security review results and probe a little further.
+
* Security review results and probe a little further.
  
 
'''Testing Department model'''
 
'''Testing Department model'''
Test department include automated review in functional test.
+
* Test department includes automated review in functional test.
Security review results and probe a little further.
+
* Security review results and probe a little further.
 +
* Tool rule base is controlled by the security department and complies with internal secure application development policies.
  
 
'''Application security group model'''
 
'''Application security group model'''
All code goes through application security group
+
* All code goes through application security group.
Group use manual and automated solutions
+
* Group use manual and automated solutions.
 +
 
 +
{{LinkBar
 +
  | useprev=PrevLink | prev=Automated Code Review | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Auditor Workbench Tool | lblnext=
 +
}}
  
 
[[Category:OWASP Code Review Project]]
 
[[Category:OWASP Code Review Project]]

Latest revision as of 11:57, 9 September 2010



Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.

This methodology improves developer knowledge, and the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model

  • Deploy automated tools to developers.
  • Control the tool rule base.
  • Security reviews the results and probes a little further.

Testing Department model

  • The test department includes automated review in functional testing.
  • Security reviews the results and probes a little further.
  • The tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model

  • All code goes through the application security group.
  • The group uses manual and automated solutions.
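All three models share one mechanism: an automated tool runs against the code, its rule base is controlled by security rather than by the team running it, and security then reviews the findings. The following Python script is an added example, not code from the OWASP guide, showing what that control looks like in practice. The rule base, the pinned digest, the rule ids (SQL-001, CRYPTO-001, LOCAL-001) and the sample module it scans are all constructed for illustration; the digest check, the rule that local rules may add but never replace central ones, and the per-rule summary a reviewer starts from are the technique being demonstrated.

```python
import hashlib
import json
import re

# Constructed central rule base. In a real deployment this file lives in a
# repository the security department owns; developers consume it read-only.
CENTRAL_RULES_JSON = json.dumps([
    {"id": "SQL-001", "pattern": r"execute\(\s*[\"'].*%s",
     "message": "SQL built with string formatting; use parameterised queries"},
    {"id": "CRYPTO-001", "pattern": r"\bmd5\(",
     "message": "MD5 is not collision resistant; use SHA-256 or better"},
])

# The security department publishes this digest alongside the rule base so a
# developer's copy of the tool refuses a modified rule file. Constructed here
# from the JSON above; in practice it is distributed out of band.
PINNED_SHA256 = hashlib.sha256(CENTRAL_RULES_JSON.encode()).hexdigest()


def load_rules(rules_json, expected_sha256):
    """Parse the rule base, refusing it if its digest is not the pinned one."""
    digest = hashlib.sha256(rules_json.encode()).hexdigest()
    if digest != expected_sha256:
        raise ValueError("rule base digest %s does not match pinned %s"
                         % (digest, expected_sha256))
    return [(r["id"], re.compile(r["pattern"]), r["message"])
            for r in json.loads(rules_json)]


def merge_local_rules(central, local_json):
    """Developers may add project-specific rules but never replace central ones."""
    central_ids = {rule_id for rule_id, _, _ in central}
    merged = list(central)
    for r in json.loads(local_json):
        if r["id"] in central_ids:
            raise ValueError("local rule %s would override a central rule" % r["id"])
        merged.append((r["id"], re.compile(r["pattern"]), r["message"]))
    return merged


def scan(source, rules):
    """Return (rule_id, line_number, message) for every rule hit, in file order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule_id, pattern, message in rules:
            if pattern.search(line):
                findings.append((rule_id, lineno, message))
    return findings


def summarize(findings):
    """Hit count per rule id: the view a security reviewer starts from before probing further."""
    counts = {}
    for rule_id, _, _ in findings:
        counts[rule_id] = counts.get(rule_id, 0) + 1
    return counts


# Constructed sample input: a small module containing two of the simple
# mistakes the central rules are meant to catch before a consultant sees it.
SAMPLE_SOURCE = """import hashlib

def lookup(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)

def fingerprint(data):
    return hashlib.md5(data).hexdigest()
"""

if __name__ == "__main__":
    rules = load_rules(CENTRAL_RULES_JSON, PINNED_SHA256)
    for rule_id, lineno, message in scan(SAMPLE_SOURCE, rules):
        print("%s line %d: %s" % (rule_id, lineno, message))
    print(summarize(scan(SAMPLE_SOURCE, rules)))
```

The digest check is what makes the "control tool rule base" bullet enforceable on a developer's machine: a rule file that has been edited, even by one byte, is rejected rather than silently weakening the scan. In the testing-department model the same script would run as a step of the functional test job with the rule file and digest supplied by security; in the application security group model the group runs it directly and uses the summary to decide where manual review time goes.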

