Chapters Assigned

Methodology

 * 1) Code Review Introduction
 * 2) Steps and Roles
 * 3) Code Review Processes

Design review

 * 1) Designing for security
 * 2) - M Roxberry (.NET)
 * 3) - Paolo Perego (Java)
 * 4) - Andrew van der Stock (PHP)
 * 5) - Paolo Perego (C)
 * 6) - C++
 * 7) - Andrew van der Stock (MySQL)
 * 8) - Mallory (AJAX)

Examples by Vulnerability

 * 1) Reviewing Code for Buffer Overruns and Overflows - 70%
 * 2) Reviewing Code for OS Injection - 70%
 * 3) Reviewing Code for SQL Injection - 70%
 * 4) Reviewing Code for Data Validation - Jenelle Chapman / E Keary
 * 5) Reviewing code for XSS issues - 70%
 * 6) Reviewing Code for Error Handling - Jenelle Chapman
 * 7) Reviewing Code for Logging Issues - 70%
 * 8) Reviewing The Secure Code Environment - E Keary
 * 9) Transaction Analysis - E Keary
 * 10) Authorization (Currently linked to "The Development Guide")
 * 11) Authentication (Code review)
 * 12) Session Integrity
 * 13) Cross Site Request Forgery
 * 14) Cryptography (Currently linked to "The Development Guide")
 * 15) Dangerous HTTP Methods (Secure deployment)
 * 16) Race Conditions

Java

 * 1) Inner classes (Paolo Perego)
 * 2) Class comparison (Paolo Perego)
 * 3) Cloneable classes (Paolo Perego)
 * 4) Serializable classes (Paolo Perego)
 * 5) Package scope and encapsulation (Paolo Perego)
 * 6) Mutable objects (Paolo Perego)
 * 7) Private methods & circumvention (Paolo Perego)

PHP
Assigned to Andrew van der Stock

MySQL
Assigned to Andrew van der Stock

C/C++

 * 1) Memory management (Paolo Perego)
 * 2) String management (Paolo Perego)
 * 3) Secure access to file system items (Paolo Perego)

Automating Code Reviews

 * 1) Preface
 * 2) Reasons for using automated tools
 * 3) Education and cultural change
 * 4) Tool Deployment Model