OWASP Code Review Guide

时间:2016-02-02 04:44:04
【文件属性】:

文件名称:OWASP Code Review Guide

文件大小:1.46MB

文件格式:DOC

更新时间:2016-02-02 04:44:04

OWASP

Many organizations have realized that their code is not as secure as they may have thought. Now they're starting the difficult work of verifying the security of their applications. There are four basic techniques for analyzing the security of a software application - automated scanning, manual penetration testing, static analysis, and manual code review. This OWASP Guide is focused on the last of these techniques. Of course, all of these techniques have their strengths, weaknesses, sweet spots, and blind spots. Arguments about which technique is the best are like arguing whether a hammer or saw is more valuable when building a house. If you try to build a house with just a hammer, you'll do a terrible job. More important than the tool is probably the person holding the hammer anyway. The OWASP guides are intended to teach you how to use these techniques. But the fact that they are separate shouldn't be an indicator that they should be used alone. The Development Guide shows your project how to architect and build a secure application, this Code Review Guide tells you how to verify the security of your application's source code, and the Testing Guide shows you how to verify the security of your running application. Security moves too fast for traditional books to be of much use. But OWASP's collaborative environment allows us to keep up to date. There are hundreds of contributors to the OWASP Guides, and we make over a thousand updates to our materials every month. We're committed to making high quality application security materials available to everyone. It's the only way we'll ever make any real progress on application security as a software community.


网友评论

  • 在研究web安全漏洞,有些帮助。
  • 对我的工作非常有用
  • 正在做code review的研究,这个文档很有帮助
  • 有东西与大家共享,很好啊
  • 非常好,十分有用,谢谢