[Owasp-leaders] Code Review Guide Project 2.0

Eoin eoin.keary at owasp.org
Mon Sep 16 13:52:20 UTC 2013


Thanks Paolo,
appreciated.
Eoin



On 16 September 2013 10:33, Paolo Perego <thesp0nge at owasp.org> wrote:

> Larry, I'm kickstarting again the security guide on Ruby on Rails
> (including also Sinatra and Padrino frameworks)[1]. Count me in for ruby
> content.
>
>
> [1]:
> https://www.owasp.org/index.php/Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide
>
> Paolo
>
>
> On Mon, Sep 16, 2013 at 5:33 AM, Larry Conklin <larry.conklin at owasp.org> wrote:
>
>> Hello Leaders
>>
>> Let me introduce myself: my name is Larry Conklin, and I am the co-leader of
>> the Code Review Guide Project 2.0. Eoin Keary is the other leader and
>> project originator. We are in the middle of updating and adding new
>> content to re-publish the Code Review Guide Book. This is one of OWASP's
>> Flagship projects. Our goal is to create excellent material that can be
>> used by developers and people who review code to help spot vulnerabilities
>> in code before the code is put into production.
>>
>> So far we are having great success; however, I have noticed a few areas
>> where we can use additional expertise, which is the reason for this email.
>> I need help with Java, Python, Ruby, PHP and volunteers who can provide
>> samples of Ruby and PHP code and explanation of what the code reviewer
>> needs to look out for during a code review. Right now we are becoming too
>> .NET-centric.
>>
>> Specifically I am looking for Java, Python, Ruby and PHP content for
>> these sections….
>>
>> Reviewing by Technical Control
>>
>>
>>    - Hashing & Salting - When, How and Where
>>
>> Reviewing by Vulnerability
>>
>>
>>    - Persistent - The Anti pattern
>>    - Reflected - The Anti pattern
>>    - Stored - The Anti pattern
>>    - Reviewing code for SQL Injection
>>    - The Anti pattern
>>    - Framework specific Issues
>>    - Using OWASP Top 10 as your guideline
>>
>> Leaders, please let me know if you have any time and are willing to contribute
>> to this project. Thank you for your consideration.
>>
>> Link to TOC for Code Review Guide Project 2.0
>>
>>
>> https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#OWASP_Code_Review_Guide_v2.0
>>
>> Larry Conklin, CISSP
>>
>> Larry.Conklin at owasp.com
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> "... static analysis is fun, again!"
>
> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
> OWASP Esapi Ruby project leader,
> https://github.com/thesp0nge/owasp-esapi-ruby
>



-- 
Eoin Keary
OWASP Member
https://twitter.com/EoinKeary