Hello leaders, I'm really happy to announce a new documentation
project I started today. Our Top 10 most critical web app
vulnerabilities is the standard de facto when trying to summarize
findings when you assess a web application. And it is great.

Looking at source code assessment (or code review, or static analysis,
or whatever the name you want to use :-)), nothing like this exists.
Gary McGraw introduced the 7 kingdoms as taxonomy. I started looking
at this great job extending it to meet Owasp Top 10 like template.
I also used categories that I found useful to gather security code
review findings in.

That's why I started this Top 10 project. The goal is to provide
something useful in Owasp Code Review Guide while trying to organize
security issues and the second goal is to use it as Owasp Orizon
default library cookbooks in order to have a "fil rouge" from Code
review guide and the implementing tool. The Source code flaws Top 10
will be that fil rouge.

I really hope that everyone interested will subscribe to mailing list
and give some contributions to this document I'd like to release as
beta quality project in the next AppSec Europe 2009 in Cracow.

Mailinglist subscription page:


"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to