owasp / www-project-code-review-guide Goto Github PK

Add section for Threat Modeling Methodology

Add a readme that explains

• the purpose and goal of the guide
• the current state it is in
• how to contribute to the project.

We also have to make sure the readme is not part of the deployment process.

In the previous guide (2017), which can be found here https://owasp.org/www-project-code-review-guide/assets/OWASP_Code_Review_Guide_v2.pdf, are several graphs and very interesting statements and facts that do not have proper attribution of source.

For example, in Figure 1, a survey result that is only very briefly mentioned is depict. The quality of this source, and its legitimacy needs to be investigated. Based on what the investigation finds, we either will keep, remove or update the information for the upcoming version of the guide.

Information and statements that are hard to judge given the information in the guide can be found throughout. Each one of those has to be investigated and evaluated for future-fit in the updated/new guide.

Each piece of information that needs to be investigated and evaluated should probably become its own issue. This issue can serve as a "parent" issue.

Create a markdown document that covers the outline of the secure code review guide 2.0, and also has a discussion and decision section for each chapter/section/part.

This should guide our discussion on what to keep, adjust and remove from the 2.0 to the 3.0 version.

All of the links in www-project-code-review-guide/pages/reviewing-code-for-cross-site-request-forgery-issues.md are broken. I will submit a pull request to fix the ones that I can find/correct.