[Owasp-leaders] Code Review Guide Project 2.0 - Reviewing by Technical Control

Larry Conklin larry.conklin at owasp.org
Wed Oct 2 02:47:33 UTC 2013


Hi Everyone, Authors, we need to get some content started for the Reviewing
by Technical Control section of our Code Review Guide book. I have listed
below content sections with authors' names that have no content. Authors, if
you can't complete the section you have signed up for, please remove your name in
the TOC (
https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents).
Others, please don't feel that only one author "owns" a content section;
remember this is a community project.

Also we still have sections open with no authors assigned. Any
volunteers??? This is a great project to be part of. Code Review Guide is
an OWASP flagship project.


https://www.owasp.org/index.php/OWASP_Code_review_V2_Project

Remember, write often, write in the wiki, have fun!!!

Larry Conklin

*Reviewing by Technical Control*

*Reviewing code for Authentication controls*

Author - Anand Prakash, Joan Renchie


*Checking authz upon every request*

Author - Abbas Naderi, Joan Renchie



*Reducing the attack surface, previous version to be updated*

Author - Chris Berberich



*Reviewing code for Session handling, previous version to be updated*

Author - Palak Gohil, Abbas Naderi



*Javascript*

Author - Abbas Naderi



*"Jacking"/Framing*

Author - Abbas Naderi



*HTML 5?*

Author - Sebastien Gioria



*Regex Gotchas*

Author - Abbas Naderi


*Reviewing code for contextual encoding*

*HTML Attribute*

Author - Shenai Silva



*HTML Entity*

Author - Shenai Silva



*JQuery*

Author - Abbas Naderi



*Resource Exhaustion - error handling*

Author - Abbas Naderi



*Native calls*

Author - Abbas Naderi



*Review for active defense*

Author - Colin Watson



*Reviewing Secure Storage*

Author - Azzeddine Ramrami



*Reviewing by Technical Control  - Open need authors…*

*Out of Band considerations, previous version to be updated*

Author – Open



*Reviewing client side code, New Section*

Author – Open



*Browser Defenses policy*

Author - Open



*Review code for input validation*

Author – Open



*JSON*

Author – Open



*Content Security Policy*

Author – Open



*Javascript Parameters*

Author – Open



*Reviewing file and resource handling code*

Author – Open



*Reviewing Security alerts*

Author – Open


