OWASP Code review V2 Project

Jump to: navigation, search


Welcome to the continuation of OWASP Code Review Guide Project! The Code Review Guide Project 2.0 is to bring the successful OWASP Code Review Guide up to date.

Project Lead

Larry Conklin and Gary Robinson are the project leaders.

Past Project Leader/Project Founder

Eoin Keary Eoin is project originator/founder. Eoin lead the first Code Review Guide which was the first open source secure code review guide ever and a best seller with our publisher lulu.com.

Email List

You can sign up for the OWASP Code Review Guide Project email list at General Code Review Guide mailing


Table of Contents for Code Review Guide

Click Link to go to Table of Contents for Code Review Guide [[1]]

Content Template

General Template to be used by Code Review Guide Authors.

Section Title

  • Abstract
  • Description of the issue/control.

Anti-Pattern – How to identify vulnerable code

  • Typical API calls used
  • Vulnerable syntax
  • Java/.Net/imports generally found related to the issue.
  • Possible solutions.
  • Refer to the development guide.
  • Borrow from the Cheat sheet series/Don’t copy from the internet, original work only.

Typical suggestions.

Working Notes For Authors

  • Work in the wiki
    • This shares your workings and progress with other authors who might wish to collaborate on the topic.
  • Don't wait until your writing is complete to add to the wiki
    • Feel free to put outlines, thoughts, rough passages, etc in the wiki as you go along, again this shows your working on the section and allows other authors (who might need to reference your section in the completed document) to know what you plan to cover.
  • Reach out to co-authors
    • If two or more authors have signed up for a particular section, those authors should contact each other to co-ordinate how the section should be written. (see e-mail addressed below).
    • Reviewing the document sections will take time, and this important task cannot be left until the last minute. If all sections are ready for review by September 14th then we will have around 2 months to perform reviews (and pick up any slack).

Writing Style/Notes

  • References

We are using the APA style of referencing our sources for the Code Review Guide V2. Please use this style when referencing any sources for your sections. Please see the References Pages in APA (http://www.apastyle.org/) Format page for examples and more information, and reach out to the (list) with any questions.

Try to reference other sections of the code review document first, else try to reference other parts of the OWASP web site/other projects. If your reference does not fit into the OWASP documentation, then refernence outside (internet) materials, being careful not to mention specific vendors/brands.

Code Review Guide Authors and Reviewers

  • Larry Conklin
  • Johanna Curiel
  • Eoin Keary
  • Islam Azeddine Mennouchi
  • Abbas Naderi
  • Carlos Pantelides
  • Ashish Rao
  • Gary David Robinson
  • Colin Watson
  • Mghazli Zyad