[Owasp-leaders] Code Review Guide Project 2.0
eoin.keary at owasp.org
Mon Sep 16 13:52:20 UTC 2013
On 16 September 2013 10:33, Paolo Perego <thesp0nge at owasp.org> wrote:
> Larry, I'm kickstarting again the security guide on Ruby on Rails
> (including also Sinatra and Padrino frameworks). Count me in for ruby
> On Mon, Sep 16, 2013 at 5:33 AM, Larry Conklin <larry.conklin at owasp.org> wrote:
>> Hello Leaders
>> Let me introduce myself, my name is Larry Conklin I am the co-leader of
>> the Code Review Guide Project 2.0. Eoin Keary is the other leader and
>> project originator. We are in the middle of updating and adding new
>> content to re-publish the Code Review Guide Book. This is one of OWASP's
>> Flagship projects. Our goal is to create excellent material that can be
>> used by developers and people who review code to help spot vulnerabilities
>> in code before the code is put into production.
>> So far we are having great success however I have noticed a few areas
>> where we can use additional expertise, which is the reason for this email.
>> I need help with Java, Python, Ruby, PHP and volunteers who can provide
>> samples of Ruby and PHP code and explanation of what the code reviewer
>> needs to look out for during a code review. Right now we are becoming too
>> .Net centric.
>> Specifically I am looking for Java, Python, Ruby and PHP content for
>> these sections….
>> Reviewing by Technical Control
>> - Hashing & Salting - When, How and Where
>> Reviewing by Vulnerability
>> - Persistent - The Anti pattern
>> - Reflected - The Anti pattern
>> - Stored - The Anti pattern
>> - Reviewing code for SQL Injection
>> - The Anti pattern
>> - Framework specific Issues
>> - Using OWASP Top 10 as your guideline
>> Leaders please let me know if you have any time and are willing to contribute
>> to this project. Thank you for your consideration.
>> Link to TOC for Code Review Guide Project 2.0
>> Larry Conklin, CISSP
>> Larry.Conklin at owasp.com
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> "... static analysis is fun, again!"
> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
> OWASP Esapi Ruby project leader,