[Owasp-codereview] Code Review Project Tasks

Eoin Keary eoin.keary at owasp.org
Thu Jan 24 14:41:07 UTC 2013


Hi,
The link to the new ToC (Table of Contents) is here:
https://docs.google.com/document/d/1N_KtKZHEghEzlKRv9iN_QQEiohyyomC5Wg4NlZdmLcA/edit

If you would like to contribute to a section please put your email beside the
section!!
Even if you can only donate a little time, that's good enough.

There is some refresh work to do on some sections and some new sections
also. Tech has moved a long way since the last version!!

-ek




On Thu, Jan 24, 2013 at 2:03 AM, Larry Conklin <larry.conklin at owasp.org> wrote:

> Hello Everyone;
>
> My name is Larry Conklin, the project support person for the Code Review
> project. I will be helping out wherever I can. Eoin Keary is the technical
> leader for the project.
>
> One of the first steps is to create a task list of who is going to be
> responsible for each part of the Code Review book. Listed below are the
> sections.
>
> Please respond for what section you want to be responsible for or help
> with. If you have any questions please ask.
>
>
>    1. Security Code Review in the SDLC
>    2. Security Code Review Coverage
>    3. Application Threat Modeling
>    4. Code Review Metrics
>    5. Crawling code
>    6. Searching for code in J2EE/Java
>    7. Searching for code in Classic ASP
>    8. Javascript / Web 2.0 keywords and pointers
>    9. Code review and PCI DSS
>    10. Reviewing by technical control: Authentication
>    11. Reviewing by technical control: Authorization
>    12. Reviewing by technical control: Session Management
>    13. Reviewing by technical control: Input Validation
>    14. Reviewing by technical control: Error Handling
>    15. Reviewing by technical control: Secure application deployment
>    16. Reviewing by technical control: Cryptographic controls
>    17. Reviewing Code for Buffer Overruns and Overflows
>    18. Reviewing Code for OS Injection
>    19. Reviewing Code for SQL Injection
>    20. Reviewing Code for Data Validation
>    21. Reviewing Code for Cross-site scripting
>    22. Reviewing code for Cross-Site Request Forgery issue
>    23. Reviewing Code for Logging Issues
>    24. Reviewing Code for Session Integrity issues
>    25. Reviewing Code for Race Conditions
>    26. Additional security considerations:
>    27. Java gotchas
>    28. Java leading security practice
>    29. Classic ASP Design Mistakes
>    30. PHP Security Leading Practice
>    31. Strings and Integers
>    32. Reviewing MySQL Security
>    33. Reviewing Flash Applications
>    34. Reviewing Web services
>    35. How to write an application code review finding
>    36. Automated Code Review
>    37. Tool Deployment Model
>    38. The Owasp Orizon Framework
>    39. The Owasp Code Review Top 9
>


-- 
Global Board Member