WebApp Sec mailing list archives
Secure code review methodology
From: Noam Eppel <noam () noameppel com>
Date: Wed, 26 Mar 2003 00:25:10 -0600
The Open Source Security Testing Methodology Manual (OSSTMM) might be similar to what you are looking for, but it is broader in scope than just code review.

http://www.isecom.org/projects/osstmm.htm

Noam Eppel
noam () noameppel com
Web Security Consultant
From: Mark Curphey <mark () curphey com>
To: Mads Rasmussen <mads () opencs com br>
CC: "Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>, webappsec () securityfocus com
Subject: Re: RES: Fail Open Authentication and Parameter Injection
Date: 25 Mar 2003 13:01:56 -0800

For a long time I have been trying to find people who are experts in secure code review to start a secure code review methodology or at least add a section in the OWASP testing methodology. There are a few papers out there but I haven't seen an open methodology that people could provide metrics against or use as a yardstick to judge services. I am not even sure how practical it is to be honest.