[Owasp-testing] Fwd: Code review Structure
kist at meridiansecurity.net
Fri Jan 12 10:25:36 EST 2007
What is the desired structure for the best practices section? How about
something like this:
Vulnerability (with a link to the section that describes the vulnerability)
  Best practice 1 - Description (includes how and to what level the vulnerability is addressed by this best practice)
  Best practice 1 - Code example (if applicable)
  Best practice 2 - Description
  Best practice 2 - Code example (if applicable)
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Thursday, January 11, 2007 10:45 AM
To: Mark Roxberry
Cc: Owasp-codereview at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Fwd: Code review Structure
I believe there is a design section but it has not been touched yet:
Designing for security (section).
Would you consider putting a .NET design section within this?
Authoring the .NET best practice section would be great!! I'll put your name
On 11/01/07, Mark Roxberry <me at markroxberry.net> wrote:
I'll do .NET Code Review Best Practices.
Can I include Design Guidance as a section? Or maybe we need to consider
Secure Application Design for an OWASP project (or do we have plans for this
already)? An example: in ASP.NET <http://asp.net/> 2.0, when do we
recommend using the MembershipProviders and integrating with the .NET framework
before rolling your own access control system? Design guidance would
outline the scenarios for each security design. What do you think?
I'll post a topic list by tomorrow.
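As an added illustration of the design question raised above (this is not code from the thread or from the Code Review Guide), here is the kind of "before/after" pair a .NET best-practice entry could carry: a hand-rolled ASP.NET login check beside the equivalent built on the ASP.NET 2.0 Membership and Role providers. The LoginService class, the Users table and its columns, and the PaymentApprover role are assumed for the example.

```csharp
using System;
using System.Data.SqlClient;
using System.Web.Security;

// Added example for a ".NET code review best practice" entry. The class name,
// the Users table/columns and the role name are hypothetical.
public class LoginService
{
    private readonly string _connectionString;

    public LoginService(string connectionString)
    {
        _connectionString = connectionString;
    }

    // BEFORE: a hand-rolled check a reviewer should flag.
    //  - SQL built by string concatenation: user input becomes query text (SQL injection).
    //  - Password compared against a stored plaintext value: no hashing, no salt.
    //  - No lockout and no audit trail; every caller has to remember those itself.
    public bool LoginHandRolled(string username, string password)
    {
        string sql = "SELECT COUNT(*) FROM Users WHERE Username = '" + username +
                     "' AND Password = '" + password + "'";
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // AFTER: delegate to the MembershipProvider configured in web.config.
    // The provider owns credential storage, the password format (hashed/encrypted),
    // lockout after maxInvalidPasswordAttempts, and parameterised data access.
    public bool LoginWithMembership(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        if (!Membership.ValidateUser(username, password))
            return false;

        // Issue the forms-authentication ticket instead of a home-grown session flag.
        FormsAuthentication.SetAuthCookie(username, false);
        return true;
    }

    // Authorisation goes the same way: ask the RoleProvider rather than
    // reading a custom "IsAdmin" column and branching on it in page code.
    public bool CanApprovePayments(string username)
    {
        return Roles.Enabled && Roles.IsUserInRole(username, "PaymentApprover");
    }
}
```

The corresponding web.config would declare the provider under `<membership>` (for SqlMembershipProvider, `passwordFormat="Hashed"` and a sensible `maxInvalidPasswordAttempts`) and enable `<roleManager>`; the review point is that the security properties then live in one configured component instead of being re-implemented per page.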
----- Original Message -----
From: Eoin <mailto:eoin.keary at owasp.org>
To: owasp-testing at lists.owasp.org <mailto:owasp-testing at lists.owasp.org> ;
Owasp-codereview at lists.owasp.org
Sent: Tuesday, January 09, 2007 10:47 AM
Subject: [Owasp-testing] Fwd: Code review Structure
Below is the current structure of the code review guide.
If anyone would like to take on a section (improve a section/add more info)
please let me know and ill pen you in for it.
Steps and Roles
Code Review Processes
Designing for security
Examples by Vulnerability
  Buffer Overruns and Overflows
  The Secure Code Environment
  Cross Site Request Forgery
  Dangerous HTTP Methods
Language specific best practice
  Package scope and encapsulation
  Private methods & circumvention
Automating Code Reviews
  Reasons for using automated tools
  Education and cultural change
  Tool Deployment Model
Eoin Keary OWASP - Ireland
Owasp-testing mailing list
Owasp-testing at lists.owasp.org <mailto:Owasp-testing at lists.owasp.org>
Eoin Keary OWASP - Ireland