[Owasp-leaders] Code Review Guide Project 2.0
thesp0nge at owasp.org
Mon Sep 16 09:33:30 UTC 2013
Larry, I'm kickstarting again the security guide on Ruby on Rails
(including also Sinatra and Padrino frameworks). Count me in for Ruby.
On Mon, Sep 16, 2013 at 5:33 AM, Larry Conklin <larry.conklin at owasp.org> wrote:
> Hello Leaders
> Let me introduce myself. My name is Larry Conklin. I am the co-leader of
> the Code Review Guide Project 2.0. Eoin Keary is the other leader and
> project originator. We are in the middle of updating and adding new
> content to re-publish the Code Review Guide Book. This is one of OWASP's
> Flagship projects. Our goal is to create excellent material that can be
> used by developers and people who review code to help spot vulnerabilities
> in code before the code is put into production.
> So far we are having great success; however, I have noticed a few areas
> where we can use additional expertise, which is the reason for this email.
> I need help with Java, Python, Ruby, PHP and volunteers who can provide
> samples of Ruby and PHP code and explanation of what the code reviewer
> needs to look out for during a code review. Right now we are becoming too
> .Net centric.
> Specifically I am looking for Java, Python, Ruby and PHP content for
> these sections….
> Reviewing by Technical Control
> - Hashing & Salting - When, How and Where
> Reviewing by Vulnerability
> - Persistent - The Anti pattern
> - Reflected - The Anti pattern
> - Stored - The Anti pattern
> - Reviewing code for SQL Injection
> - The Anti pattern
> - Framework specific Issues
> - Using OWASP Top 10 as your guideline
> Leaders, please let me know if you have any time and are willing to contribute
> to this project. Thank you for your consideration.
> Link to TOC for Code Review Guide Project 2.0
> Larry Conklin, CISSP
> Larry.Conklin at owasp.com
"... static analysis is fun, again!"
OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
OWASP Esapi Ruby project leader,