[Owasp-leaders] Code review guide reboot - ToC
johanna curiel curiel
johanna.curiel at owasp.org
Sat Sep 29 13:59:44 UTC 2012
I have added the following subjects to the ToC (under framework Specific
Security in ASP.NET applications
Strongly Named Assemblies
How to prevent Round tripping
Setting the right Configurations
Code Review for Managed code - .NET 1.0 & 2.0
Using OWASP Top 10 as your guideline ==>
*In this section, I review the top ten issues applying them specifically
for .NET code & Configurations*
Code review for Unsafe Code (C#)
Keep up to date with current vulnerable issues
The first part of the ToC explores the issues in a general way; in this
section, I would like to implode the general sections into more specific
objectives for ASP.NET applications.
Let me know what you think
On Sat, Sep 22, 2012 at 7:36 AM, Eoin <eoin.keary at owasp.org> wrote:
> Great did you put it into the ToC?
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 22 Sep 2012, at 14:13, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> Hi Eoin
> specific topics I'd like to write about are (related to .NET programming)
> using the security guidelines checklist for asp.net
> how to secure cookies
> how to implement salt for passwords
> creating secure connectionstrings
> input sanitation using regex
> avoid clickjacking
> how to set custom error pages
> .net flaws and workarounds
> keep up to date with current security issues
> C# language
> .net c# unsafe/unmanaged code programming security guidelines
> On 11 Sep 2012 at 13:27, Eoin <eoin.keary at owasp.org> wrote the following
> Hey good people of OWASP.
> The OWASP Code review guide Table of Contents (ToC) is here:
> I've added some items and happy to restructure and adjust as we all see
> Please feel free to comment/add etc.
> Many thanks, let's get started!!
> On 1 September 2012 13:20, Eoin <eoin.keary at owasp.org> wrote:
>> Hello leaders,
>> I'd like to get the code review guide rebooted.
>> Does anyone want to help?
>> First of all is to revamp structure and also identify parts of v1.1 which
>> need regrets (lots of it).
>> It's not as sexy as the testing guide but I assure you, you will learn
>> lots if you partake in writing some chapters.
>> I'd also like to focus on framework insecurity such as spring, zend,
>> struts etc. Also reviewing mobile code is also important.
>> If you feel like you would like to commit some hours to this please ping
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> Eoin Keary
> OWASP Global Board Member (Vice Chair)