[Owasp-leaders] Code Review Guide Project 2.0

Paolo Perego thesp0nge at owasp.org
Mon Sep 16 09:33:30 UTC 2013


Larry, I'm kickstarting again the security guide on Ruby on Rails
(including also Sinatra and Padrino frameworks)[1]. Count me in for Ruby
content.


[1]:
https://www.owasp.org/index.php/Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide

Paolo


On Mon, Sep 16, 2013 at 5:33 AM, Larry Conklin <larry.conklin at owasp.org> wrote:

> Hello Leaders
>
> Let me introduce myself, my name is Larry Conklin. I am the co-leader of
> the Code Review Guide Project 2.0. Eoin Keary is the other leader and
> project originator. We are in the middle of updating and adding new
> content to re-publish the Code Review Guide Book. This is one of OWASP's
> Flagship projects. Our goal is to create excellent material that can be
> used by developers and people who review code to help spot vulnerabilities
> in code before the code is put into production.
>
> So far we are having great success; however, I have noticed a few areas
> where we can use additional expertise, which is the reason for this email.
> I need help with Java, Python, Ruby, PHP and volunteers who can provide
> samples of Ruby and PHP code and explanation of what the code reviewer
> needs to look out for during a code review. Right now we are becoming too
> .Net centric.
>
> Specifically I am looking for Java, Python, Ruby and PHP content for
> these sections….
>
> Reviewing by Technical Control
>
>
>    - Hashing & Salting - When, How and Where
>
> Reviewing by Vulnerability
>
>
>    - Persistent - The Anti pattern
>    - Reflected - The Anti pattern
>    - Stored - The Anti pattern
>    - Reviewing code for SQL Injection
>    - The Anti pattern
>    - Framework specific Issues
>    - Using OWASP Top 10 as your guideline
>
> Leaders, please let me know if you have any time and are willing to contribute
> to this project. Thank you for your consideration.
>
> Link to TOC for Code Review Guide Project 2.0
>
>
> https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#OWASP_Code_Review_Guide_v2.0
>
> Larry Conklin, CISSP
>
> Larry.Conklin at owasp.com
>


-- 
"... static analysis is fun, again!"

OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
OWASP Esapi Ruby project leader,
https://github.com/thesp0nge/owasp-esapi-ruby