Hello leaders,

I'm really happy to announce a new documentation project I started today. Our Top 10 most critical web app vulnerabilities is the de facto standard for summarizing findings when you assess a web application. And it is great.

Looking at source code assessment (or code review, or static analysis, or whatever name you want to use :-)), nothing like this exists. Gary McGraw introduced the 7 kingdoms as a taxonomy. I started looking at this great work, extending it to fit an OWASP Top 10-like template. I also used categories that I found useful for gathering security code review findings. That's why I started this Top 10 project.

The first goal is to provide something useful in the OWASP Code Review Guide while trying to organize security issues, and the second goal is to use it as the OWASP Orizon default library of cookbooks, in order to have a "fil rouge" from the Code Review Guide to the implementing tool. The Source Code Flaws Top 10 will be that fil rouge.

I really hope that everyone interested will subscribe to the mailing list and give some contributions to this document, which I'd like to release as a beta quality project at the next AppSec Europe 2009 in Cracow.

Link: http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project
Roadmap: http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project_Roadmap
Mailing list subscription page: https://lists.owasp.org/mailman/listinfo/owasp-source-code-flaws-top-10

Regards,
thesp0nge

--
"stay hungry, stay foolish"
OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________