[OWASP-Philadelphia] Power of Code Review -- Deck request

Dave Wichers dave.wichers at owasp.org
Wed Mar 16 10:23:49 EDT 2011

Some of you were asking about how you make peer code review really work.

I found this new article on this subject pretty useful. It's not focused on
security code review, it's about any kind of code review.


I really liked steps 4. Be sure that authors annotate source code before the
review begins
And step 10: Review at least part of the code, even if you can't do all of
it, to benefit from The Ego Effect

And their step 11: Adopt lightweight, tool-assisted code reviews

Is right on. And by tool assisted, they don't mean IBM/HP code analysis
tools. Eclipse or whatever IDE is your friend.

But all of the steps they suggest look good to me and are backed by a very
large study, which I haven't done.


-----Original Message-----
From: owasp-philadelphia-bounces at lists.owasp.org
[mailto:owasp-philadelphia-bounces at lists.owasp.org] On Behalf Of Justin C.
Klein Keane
Sent: Tuesday, March 08, 2011 10:36 AM
To: owasp-philadelphia at lists.owasp.org
Subject: Re: [OWASP-Philadelphia] Power of Code Review -- Deck request

Hash: SHA1


  I found the slides with Dave's help.  If you go to the agenda, the link to
the slides is below the title of his talk.  The direct link for the slides


The link for the video is:



Justin C. Klein Keane

Sr. Information Security Specialist
Information Security and Unix Systems
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Room 520
Philadelphia, PA 19104

The digital signature on this e-mail can be confirmed using the public key
at https://www.sas.upenn.edu/computing/user/3.

On 03/08/2011 10:13 AM, Chalfen, Samuel wrote:
> Dave, Aaron and Justin,
> Thank you for a compelling and interesting talk last night. It was great.
> At the OWASP and OWASP summit sites, I had trouble finding the deck Dave
presented last night.  Would you kindly send a link?
> Many thanks,
> Sam
> =====
> Date: Fri, 4 Mar 2011 09:46:24 -0500
> From: Aaron Weaver <aaron.weaver2 at gmail.com>
> Subject: [OWASP-Philadelphia] Meeting place
> To: owasp-philadelphia at lists.owasp.org
> Message-ID:
> 	<AANLkTikQDQ2hgU43xRR0fHUG8Od=JOgBrKdHcT=_zYFE at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> Hi all - Update with the meeting place for Monday's meeting:
> *Next Meeting: **Monday, March 7th, from 6:30 - 8:00 PM*
> *OWASP Philly/ Meeting - Fisher-Bennett Hall - 322*
> *When:* Monday, March 7th from 6:30 - 8:00 PM
> *Where:* University of Pennsylvania, Fisher-Bennett Hall - 322, 
> Philadelphia
> *The Power of Code Review*
> Dave Wichers is a cofounder and the Chief Operating Officer (COO) of 
> Aspect Security.
>    - As a volunteer to OWASP, Dave is:
>    - A member of the OWASP Board,
>    - The OWASP Conferences Chair,
>    - Project lead and coauthor of the OWASP Top 10,
>    - Coauthor of the OWASP Application Security Verification Standard, and
>    - Contributor to the OWASP Enterprise Security API (ESAPI) project.
> The building entrance faces the intersection of 34th and Walnut 
> streets and the room is on the third floor. Folks should bring 
> identification and let the guard know they're coming for the OWASP
> -------------- next part -------------- An HTML attachment was 
> scrubbed...
> URL: 
> https://lists.owasp.org/pipermail/owasp-philadelphia/attachments/20110
> 304/e68b2731/attachment.html
> ------------------------------
> _______________________________________________
> OWASP-Philadelphia mailing list
> OWASP-Philadelphia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
> End of OWASP-Philadelphia Digest, Vol 25, Issue 2
> *************************************************
> _______________________________________________
> OWASP-Philadelphia mailing list
> OWASP-Philadelphia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

OWASP-Philadelphia mailing list
OWASP-Philadelphia at lists.owasp.org

More information about the OWASP-Philadelphia mailing list