[Owasp-testing] Contributors for Code review Guide

Eoin eoin.keary at owasp.org
Wed Jun 20 12:11:55 EDT 2007


Hi,

Code review has been a little quiet for the past few weeks but I hope to get
it going again.
Firstly the current information on the code review wiki is pretty good but
needs review and maybe some additional content if anyone has any nice ideas.

http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents

There are some sections that need doing such as

*Reviewing code for  CSRF issues*
*Reviewing Code for Authorization Issues
Reviewing Code for Session Integrity issues
Reviewing Cryptographic Code
Reviewing Code deployment: Dangerous HTTP Methods
Reviewing Code for Race Conditions *

So if anyone would like a stab at these please feel free.

also I was hoping to do a "*Searching for vulnerable code in the code base*
":

This would show how to *search code for potential issues* and also provide a
*keyword list of common API's/Methods* which cause issues in development.
It would also explain how to put the keywords that were found in context as
text search /grep would not understand object orientation or polymorphism or
run time reference to config files.This shall cover .NET and Java/J2EE to
start.

The guide shall also become a hard copy, real book once completed as the
Testing guide shall be soon.

So if interested please get in touch and drop me a line so we can get going
on this one!!

regards,

Eoin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20070620/8861b5db/attachment.html 


More information about the Owasp-testing mailing list