[Owasp-codereview] Code Review Project Tasks

Larry Conklin larry.conklin at owasp.org
Thu Jan 24 02:03:07 UTC 2013


Hello Everyone;

My name is Larry Conklin, the project support person for the Code Review
project. I will be helping out wherever I can. Eoin Keary is the technical
leader for the project.

One of the first steps is to create a task list of who is going to be
responsible for each part of the Code Review book. Listed below are the
sections.

Please respond for what section you want to be responsible for or help
with. If you have any questions please ask.


   1. Security Code Review in the SDLC
   2. Security Code Review Coverage
   3. Application Threat Modeling
   4. Code Review Metrics
   5. Crawling code
   6. Searching for code in J2EE/Java
   7. Searching for code in Classic ASP
   8. Javascript / Web 2.0 keywords and pointers
   9. Code review and PCI DSS
   10. Reviewing by technical control: Authentication
   11. Reviewing by technical control: Authorization
   12. Reviewing by technical control: Session Management
   13. Reviewing by technical control: Input Validation
   14. Reviewing by technical control: Error Handling
   15. Reviewing by technical control: Secure application deployment
   16. Reviewing by technical control: Cryptographic controls
   17. Reviewing Code for Buffer Overruns and Overflows
   18. Reviewing Code for OS Injection
   19. Reviewing Code for SQL Injection
   20. Reviewing Code for Data Validation
   21. Reviewing Code for Cross-site scripting
   22. Reviewing code for Cross-Site Request Forgery issue
   23. Reviewing Code for Logging Issues
   24. Reviewing Code for Session Integrity issues
   25. Reviewing Code for Race Conditions
   26. Additional security considerations:
   27. Java gotchas
   28. Java leading security practice
   29. Classic ASP Design Mistakes
   30. PHP Security Leading Practice
   31. Strings and Integers
   32. Reviewing MySQL Security
   33. Reviewing Flash Applications
   34. Reviewing Web services
   35. How to write an application code review finding
   36. Automated Code Review
   37. Tool Deployment Model
   38. The Owasp Orizon Framework
   39. The Owasp Code Review Top 9