[Owasp-leaders] Code Review Guide Project 2.0

Larry Conklin larry.conklin at owasp.org
Mon Sep 16 03:33:19 UTC 2013


Hello Leaders

Let me introduce myself: my name is Larry Conklin, and I am the co-leader of
the Code Review Guide Project 2.0. Eoin Keary is the other leader and project
originator. We are in the middle of updating and adding new content to
re-publish the Code Review Guide Book. This is one of OWASP's Flagship
projects. Our goal is to create excellent material that can be used by
developers and people who review code to help spot vulnerabilities in code
before the code is put into production.

So far we are having great success; however, I have noticed a few areas where
we can use additional expertise, which is the reason for this email. I need
help with Java, Python, Ruby, PHP and volunteers who can provide samples of
Ruby and PHP code and explanation of what the code reviewer needs to look
out for during a code review. Right now we are becoming too .Net centric.

Specifically, I am looking for Java, Python, Ruby and PHP content for these
sections:

Reviewing by Technical Control


   - Hashing & Salting - When, How and Where

Reviewing by Vulnerability


   - Persistent - The Anti pattern
   - Reflected - The Anti pattern
   - Stored - The Anti pattern
   - Reviewing code for SQL Injection
   - The Anti pattern
   - Framework specific Issues
   - Using OWASP Top 10 as your guideline

Leaders, please let me know if you have any time and are willing to contribute
to this project. Thank you for your consideration.

Link to TOC for Code Review Guide Project 2.0:

https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#OWASP_Code_Review_Guide_v2.0

Larry Conklin, CISSP

Larry.Conklin at owasp.com