[Owasp-codereview] OWASP code review assessment

Ken Huang Ken.Huang at cgifederal.com
Thu Nov 25 15:07:58 EST 2010


We have been involved very heavily in the security code review project and have used various commercial tools such as CodeSecure, VeraCode, as well as some open source tools such as Yasca, FxCop, Findbugs etc. We use both tools and a manual code review process to find the security vulnerabilities.

I have not used O2 yet, but would be interested in knowing more. So, please include me in the webinar and the discussion.

Thanks

Ken
-----------------------------
Ken Huang
Director,  Cloud Security, CISSP
Enterprise Security Practice
12601 Fair Lakes Circle, Fairfax, Virginia, 22033
CGI Federal

________________________________________
From: owasp-codereview-bounces at lists.owasp.org [owasp-codereview-bounces at lists.owasp.org] On Behalf Of unni mana [unnivm at gmail.com]
Sent: Thursday, November 25, 2010 3:42 AM
To: owasp-codereview at lists.owasp.org; mparsons1980 at gmail.com
Subject: [Owasp-codereview] OWASP code review assessment

Hi,
Currently, I am working on this kind of activity for my org. So I am interested in that activity.

Note: I am not sure whether this is the form to reply like this.

Regards,
Unni V Mana

On Wed, Nov 24, 2010 at 10:30 PM, <owasp-codereview-request at lists.owasp.org> wrote:
Today's Topics:

  1. Looking for OWASP members to have free web meetings with and
     work on source code assessments and web penetration testing
     (Matt Parsons)
  2. Re: Looking for OWASP members to have free web meetings with
     and work on source code assessments and web penetration testing (Eoin)


----------------------------------------------------------------------

Message: 1
Date: Tue, 23 Nov 2010 14:44:12 -0600
From: Matt Parsons <mparsons1980 at gmail.com>
Subject: [Owasp-codereview] Looking for OWASP members to have free web
       meetings with and work on source code assessments and web penetration
       testing
To: Owasp-codereview at lists.owasp.org, websecurity
       <websecurity at webappsec.org>, OWASPDallas at utdallas.edu, OWASP
       Foundation Board List <owasp-board at lists.owasp.org>, Secure Coding
       <sc-l at securecoding.org>
Message-ID:
       <AANLkTi=gRVeayuQrPfwfbNJUSuEw0iPzN7K7ys6bEiN3 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Secure Coding List and group,
I am thinking about hosting FREE web penetration and source code review web
seminars sharing tricks of the trade and giving real life examples of web
penetration testing and source code review findings.   I am not doing this
to profit.  I am just looking for like minds to share ideas with and spend a
couple hours a month on a webinar.   One of the first topics  I would like
to go over is Dinis Cruz's O2.   I wrote about it in my blog today.
http://www.parsonsisconsultingblog.com.
Please reply to me off list to mparsons1980 at gmail.com if you are interested.
I am trying to figure out the level of interest so I can purchase enough
phone lines for bridges and bandwidth to hold the live and recorded
webinars.  I will not spam your e-mail or share it with any other entity.
I am looking to advance the field of software security and secure the
Internet one application at a time.

Thanks,
Matt Parsons, CISSP, MSM


--

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com <mparsons1980 at gmail.com>
http://www.parsonsisconsulting.com
http://www.parsonsisconsultingblog.com
<http://www.o2-ounceopen.com/o2-power-users/>
http://www.linkedin.com/in/parsonsconsulting
http://www.vimeo.com/8939668
http://twitter.com/parsonsmatt

------------------------------

Message: 2
Date: Wed, 24 Nov 2010 13:14:20 +0000
From: Eoin <eoin.keary at owasp.org>
Subject: Re: [Owasp-codereview] Looking for OWASP members to have free
       web meetings with and work on source code assessments and web
       penetration testing
To: Matt Parsons <mparsons1980 at gmail.com>
Cc: Secure Coding <sc-l at securecoding.org>, OWASP Foundation Board List
       <owasp-board at lists.owasp.org>, Owasp-codereview at lists.owasp.org,
       OWASPDallas at utdallas.edu, websecurity <websecurity at webappsec.org>
Message-ID:
       <AANLkTi=u1kXwD2W5jGRSnF-ZR6m4ZBNDFsNpxft+F97G at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Happy to assist as the OWASP code review guide lead!

-ek

On 23 November 2010 20:44, Matt Parsons <mparsons1980 at gmail.com> wrote:

> Secure Coding List and group,
> I am thinking about hosting FREE web penetration and source code review web
> seminars sharing tricks of the trade and giving real life examples of web
> penetration testing and source code review findings.   I am not doing this
> to profit.  I am just looking for like minds to share ideas with and spend a
> couple hours a month on a webinar.   One of the first topics  I would like
> to go over is Dinis Cruz's O2.   I wrote about it in my blog today. http://www.parsonsisconsultingblog.com.
> Please reply to me off list to mparsons1980 at gmail.com if you are
> interested. I am trying to figure out the level of interest so I can
> purchase enough phone lines for bridges and bandwidth to hold the live and
> recorded webinars.  I will not spam your e-mail or share it with any other
> entity.   I am looking to advance the field of software security and secure
> the Internet one application at a time.
>
> Thanks,
> Matt Parsons, CISSP, MSM


--
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary

------------------------------

_______________________________________________
Owasp-codereview mailing list
Owasp-codereview at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-codereview


End of Owasp-codereview Digest, Vol 41, Issue 1
***********************************************


