[Owasp-testing] Kicking off the code review guide (again)

Eoin eoinkeary at gmail.com
Thu Jan 4 09:12:59 EST 2007


Format of chapters:

1. Introduction/brief description of <vulnerability>
2. How to locate the potentially vulnerable code <http://www.owasp.org/index.php/Buffer_Overruns_and_Overflows#How_to_locate_the_potentially_vulnerable_code>
3. Vulnerable Patterns for <vulnerability>
4. Good Patterns & procedures to prevent <vulnerability>
4.1 Code examples

So taking on PHP would mean covering vulnerabilities relating to PHP bad
coding:

XSS would have a PHP section
Remote code execution/OS injection would have a PHP section
SQL injection would have a PHP section
Configuration errors would have a PHP section.
....and so on.

Eoin





On 04/01/07, James Kist <kist at meridiansecurity.net> wrote:
>
>  I can do the PHP section. What is the desired format of the articles?
>
>  ------------------------------
> From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Wednesday, January 03, 2007 4:53 AM
> To: Owasp-codereview at lists.owasp.org; owasp-testing at lists.owasp.org
> Subject: [Owasp-testing] Kicking off the code review guide (again)
>
>
>  Hi,
> If you would like to contribute to the code review guide please let me
> know.
> There are many areas to be covered:
>
> Java best security practice
> C/C++ Best security practice
> AJAX/Client side code issues and solutions
> PHP Issues and solutions.
>
> and much more,
> Eoin
>
>
> --
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
>



-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project