This is the announcement mail I just sent to a mailing list I read about security and development. It is about a new project I started yesterday. I'll be using it in Orizon to organize the default library. If you are interested in it, please join the mailing list.
Hello leaders, I'm really happy to announce a new documentation project I started today. Our Top 10 most critical web app vulnerabilities is the de facto standard for summarizing findings when you assess a web application. And it is great.
Looking at source code assessment (or code review, or static analysis, or whatever name you want to use :-)), nothing like this exists. Gary McGraw introduced the 7 kingdoms as a taxonomy. I started looking at this great work, extending it to fit an Owasp Top 10-like template.
I also used categories that I found useful for grouping security code review findings.
That's why I started this Top 10 project. The first goal is to provide something useful for the Owasp Code Review Guide while organizing security issues, and the second goal is to use it as the Owasp Orizon default library cookbooks, in order to have a "fil rouge" from the Code Review Guide to the implementing tool. The Source Code Flaws Top 10 will be that fil rouge.
I really hope that everyone interested will subscribe to the mailing list and contribute to this document, which I'd like to release as a beta-quality project at the next AppSec Europe 2009 in Cracow.