OWASP Code Review Guide Table of Contents

Methodology

 * 1) Introduction
 * 2) Steps and Roles
 * 3) Code Review Processes

Design review

 * 1) Designing for security

Examples by Vulnerability

 * 1) Reviewing Code for Buffer Overruns and Overflows
 * 2) Buffer Overruns and Overflows
 * 3) Reviewing Code for OS Injection
 * 4) OS Injection
 * 5) SQL Injection
 * 6) Data Validation
 * 7) Reviewing Code for Data Validation
 * 8) Error Handling
 * 9) Reviewing Code for Error Handling
 * 10) Logging issues
 * 11) Reviewing Code for Logging Issues
 * 12) The Secure Code Environment
 * 13) Reviewing The Secure Code Environment
 * 14) Transaction Analysis
 * 15) Authorization
 * 16) Authentication
 * 17) Session Integrity
 * 18) Cross Site Request Forgery
 * 19) Cryptography
 * 20) Dangerous HTTP Methods
 * 21) Race Conditions

Java

 * 1) Inner classes
 * 2) Class comparison
 * 3) Cloneable classes
 * 4) Serializable classes
 * 5) Package scope and encapsulation
 * 6) Mutable objects
 * 7) Private methods & circumvention

Automating Code Reviews

 * 1) Preface
 * 2) Reasons for using automated tools
 * 3) Education and cultural change
 * 4) Tool Deployment Model