[Owasp-leaders] Code Review Guide Project 2.0 - Reviewing by Technical Control

Dinis Cruz dinis.cruz at owasp.org
Wed Oct 2 08:17:02 UTC 2013


Hi Larry, I would like to create a 'beta' or 'alpha' version of this guide
for the Projects Summit (in book format).

We've done this before, and the idea is to have a 'work in progress' book
which will help the current content to be used/tested and help with reviews
(I, for example, prefer to review on paper).

Can you point me to the location where I can get the PDF (or markdown) for
print?

My current plan is to use Lulu.com.

On 2 Oct 2013 03:48, "Larry Conklin" <larry.conklin at owasp.org> wrote:

> Hi Everyone. Authors, we need to get some content started for the Reviewing
> by Technical Control section of our Code Review Guide book. I have listed
> below content sections with authors' names that have no content. Authors, if
> you can't complete the section you have signed up for, please remove your name in
> the TOC (
> https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents).
> Others, please don't feel that only one author "owns" a content section;
> remember this is a community project.
>
> Also, we still have sections open with no authors assigned. Any
> volunteers? This is a great project to be part of. Code Review Guide is
> an OWASP flagship project.
>
>
> https://www.owasp.org/index.php/OWASP_Code_review_V2_Project
>
> Remember, write often, write in the wiki, have fun!!!
>
> Larry Conklin
>
> *Reviewing by Technical Control*
>
> *Reviewing code for Authentication controls*
>
> Author - Anand Prakash, Joan Renchie
>
>
> *Checking authz upon every request*
>
> Author - Abbas Naderi, Joan Renchie
>
>
>
> *Reducing the attack surface, previous version to be updated*
>
> Author - Chris Berberich
>
>
>
> *Reviewing code for Session handling, previous version to be updated*
>
> Author - Palak Gohil, Abbas Naderi
>
>
>
> *Javascript*
>
> Author - Abbas Naderi
>
>
>
> *"Jacking"/Framing*
>
> Author - Abbas Naderi
>
>
>
> *HTML 5?*
>
> Author - Sebastien Gioria
>
>
>
> *Regex Gotchas*
>
> Author - Abbas Naderi
>
>
> *Reviewing code for contextual encoding*
>
> *HTML Attribute*
>
> Author - Shenai Silva
>
>
>
> *HTML Entity*
>
> Author - Shenai Silva
>
>
>
> *JQuery*
>
> Author - Abbas Naderi
>
>
>
> *Resource Exhaustion - error handling*
>
> Author - Abbas Naderi
>
>
>
> *Native calls*
>
> Author - Abbas Naderi
>
>
>
> *Review for active defense*
>
> Author - Colin Watson
>
>
>
> *Reviewing Secure Storage*
>
> Author - Azzeddine Ramrami
>
>
>
> *Reviewing by Technical Control  - Open need authors…*
>
> *Out of Band considerations, previous version to be updated*
>
> Author – Open
>
>
>
> *Reviewing client side code, New Section*
>
> Author – Open
>
>
>
> *Browser Defenses policy*
>
> Author - Open
>
>
>
> *Review code for input validation*
>
> Author – Open
>
>
>
> *JSON*
>
> Author – Open
>
>
>
> *Content Security Policy*
>
> Author – Open
>
>
>
> *Javascript Parameters*
>
> Author – Open
>
>
>
> *Reviewing file and resource handling code*
>
> Author – Open
>
>
>
> *Reviewing Security alerts*
>
> Author – Open
>