[Owasp-leaders] Code Review Guide Project

Larry Conklin larry.conklin at owasp.org
Sat Nov 1 22:10:44 UTC 2014


All,

We are in the final stages of completing the content for the Code
Review Guide. We have a few items that are on our original Table of
Contents that we are planning to drop.

The reason for dropping each of these items is one of the following:

   - We don't have the resources to cover them. (Ruby and PHP,
   ColdFusion, CodeIgniter)
   - Item is vague.
   - Subject is large enough that to cover it would be a book unto itself.
   - Relevance. (ColdFusion, CodeIgniter, ESAPI)
   - Already covered under a different section/title.

If you have any input on our decision, please contact the code review guide.
We are always open to feedback. Thank you.

Reviewing by Technical Control

   - Reviewing client side code (Covered under JavaScript, HTML5)
   - ESAPI
   - Native calls (Vague)
   - Reviewing Security alerts (Vague, subject is large)
   - Reviewing Secure Storage (Vague, subject is large)



Reviewing by Vulnerability


   - Persistent - The Anti pattern - Ruby
   - Reflected - The Anti pattern - Ruby
   - The Anti pattern - Ruby, ColdFusion
   - Framework specific Issues - Ruby on Rails, PHP Specific Issues, C#,
   C++, ColdFusion, CodeIgniter


Larry Conklin, CISSP
Gary Robinson, CISSP