[Owasp-testing] [Owasp-codereview] Fwd: Code review Structure

Andrew van der Stock vanderaj at owasp.org
Fri Jan 12 13:50:20 EST 2007


I will take any chapter which remains unassigned. Or even if you  
assign me a random chapter I'll be okay with that.

thanks,
Andrew

On 09/01/2007, at 10:47 AM, Eoin wrote:

> Hi,
> Below is the current structure of the code review guide.
>
> If anyone would like to take on a section (improve a section/add
> more info) please let me know and I'll pen you in for it.
> thanks,
> Eoin
>
> Methodology
>
>
> Introduction
> Steps and Roles
>
> Code Review Processes
>
> Design review
> Designing for security
>
> Examples by Vulnerability
>
>
>
> Buffer Overruns and Overflows
> OS Injection
>
> SQL Injection
>
> Data Validation
>
> Error Handling
>
> Logging issues
>
> The Secure Code Environment
>
> Transaction Analysis
>
> Authorization
>
> Authentication
>
> Session Integrity
>
> Cross Site Request Forgery
>
> Cryptography
>
> Dangerous HTTP Methods
>
> Race Conditions
>
> Language specific best practice
>
> Java
>
>
> Inner classes
> Class comparison
>
> Cloneable classes
>
> Serializable classes
>
> Package scope and encapsulation
>
> Mutable objects
>
> Private methods & circumvention
>
> .NET
>
> PHP
>
> Automating Code Reviews
>
>
> Preface
> Reasons for using automated tools
>
> Education and cultural change
>
> Tool Deployment Model
>
> References
>
>
> -- 
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
