[Owasp-testing] Fwd: Code review Structure

Eoin eoin.keary at owasp.org
Tue Jan 9 10:47:49 EST 2007


Hi,
Below is the current structure of the code review guide.

If anyone would like to take on a section (improve a section/add more info)
please let me know and I'll pen you in for it.
Thanks,
Eoin


Methodology

   *Introduction*
   *Steps and Roles*
   *Code Review Processes*
   *Design review*
   *Designing for security*

Examples by Vulnerability

   *Buffer Overruns and Overflows*
   *OS Injection*
   *SQL Injection*
   *Data Validation*
   *Error Handling*
   *Logging issues*
   *The Secure Code Environment*
   *Transaction Analysis*
   *Authorization*
   *Authentication*
   *Session Integrity*
   *Cross Site Request Forgery*
   *Cryptography*
   *Dangerous HTTP Methods*
   *Race Conditions*

Language specific best practice

Java

   *Inner classes*
   *Class comparison*
   *Cloneable classes*
   *Serializable classes*
   *Package scope and encapsulation*
   *Mutable objects*
   *Private methods & circumvention*

.NET

PHP

Automating Code Reviews

   *Preface*
   *Reasons for using automated tools*
   *Education and cultural change*
   *Tool Deployment Model*

*References*

-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project