[Owasp-leaders] Code review guide reboot - ToC

johanna curiel curiel johanna.curiel at owasp.org
Sat Sep 29 13:59:44 UTC 2012


Hi Eoin,

I have added the following subjects to the ToC (under framework Specific
Issues):


.NET Security

Security in ASP.NET applications

Strongly Named Assemblies

                  Round Tripping

                  How to prevent Round tripping

Setting the right Configurations

Authentication Options

Code Review for Managed code - .NET 1.0 & 2.0

Using OWASP Top 10 as your guideline ==>

*In this section, I review the top ten issues applying them specifically
for .NET code & Configurations*
           Code review for Unsafe Code (C#)
            Keep up to date with current vulnerable issues

The first part of the ToC explores the issues in a general way; in this
section, I would like to implode the general sections into more specific
objectives for ASP.NET applications.

Let me know what you think

Best regards





On Sat, Sep 22, 2012 at 7:36 AM, Eoin <eoin.keary at owasp.org> wrote:

> Great did you put it into the ToC?
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 22 Sep 2012, at 14:13, Johanna Curiel <johanna.curiel at owasp.org> wrote:
>
> Hi Eoin
>
> specific topics I'd like to write about are (related to .net programming)
>
> using the security guidelines checklist for asp.net
> how to secure cookies
> how to implement salt for passwords
> creating secure connectionstrings
> input sanitation using regex
> avoid click jacking
> how to set custom error pages
> .net flaws and work arounds
> keep updated with current security issues
>
>
>
>
> C# language
>  .net c# unsafe/unmanaged code programming security guidelines
>
>
> regards
>
>
> Johanna
>
>
>
>
>
> On 11 Sep 2012, at 13:27, Eoin <eoin.keary at owasp.org> wrote:
>
> Hey good people of OWASP.
>
> The OWASP Code review guide Table of Contents (ToC) is here:
>
> https://docs.google.com/document/d/1N_KtKZHEghEzlKRv9iN_QQEiohyyomC5Wg4NlZdmLcA/edit
> I've added some items and happy to restructure and adjust as we all see
> fit.
> Please feel free to comment/add etc.
>
> Many thanks, let's get started!!
>
> Eoin
>
>
>
> On 1 September 2012 13:20, Eoin <eoin.keary at owasp.org> wrote:
>
>> Hello leaders,
>> I'd like to get the code review guide rebooted.
>> Does anyone want to help?
>> First of all is to revamp structure and also identify parts of v1.1 which
>> need regrets (lots of it).
>> It's not as sexy as the testing guide but I assure you, you will learn
>> lots if you partake in writing some chapters.
>> I'd also like to focus on framework insecurity such as spring, zend,
>> struts etc. Also reviewing mobile code is also important.
>> If you feel like you would like to commit some hours to this please ping
>> me:)
>> Thanks,
>> Eoin.
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
> Eoin Keary
> OWASP Global Board Member (Vice Chair)
>
> https://twitter.com/EoinKeary
>
>