Difference between revisions of "Category:OWASP Code Review Project"

From OWASP
Jump to: navigation, search
(Project About)
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Modelo de Auditoría de sistemas:  ==
+
=Main=
  
Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.  
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
  
#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
+
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
#Filtro Web: Previene intrusiones a través de puertos inseguros
+
#Clam Antivirus: Previene, detecta y corrige virus informático
+
  
<br>
+
==OWASP Code Review Guide Project==
  
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
{{OWASP Book|5678680}}
|-
+
| Clam Antivirus
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
|-
+
| Filtro Web
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
|-
+
| OpenVAS
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
|-
+
| Sistema de Cifrado Congelado
+
|}
+
  
|}
+
==Introduction==
  
|}
+
We are writing a new version of the [https://www.owasp.org/index.php/OWASP_Code_review_V2_Project OWASP code review guide].
  
|}
+
Here is the [[OWASP  Code review V2 Table of Contents]].
  
== Descripción softwares de auditoría  ==
+
==Description==
  
*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
+
The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.
 +
Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0.t
  
*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
+
==Licensing==
 +
OWASP Code Review Guide is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
+
== Spring Of Code 2007 ==
 +
The Code review guide is proudly sponsored by the OWASP Spring of Code (SpOC) 2007.
 +
For more information please see [[OWASP_Spring_Of_Code_2007|Spring of Code 2007]]
  
*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
+
==Summer of Code 2008==
 +
The Code review guide is proudly sponsored by the OWASP Summer of Code (SoC) 2008. For more information please see [[OWASP_Summer_of_Code_2008| OWASP Summer of Code 2008]].
  
== Macroinformática ==
+
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
+
== What is the Code Review Guide? ==
  
*Transmisión cifrada: Cliente e-mail con GnuPG
+
OWASP Code Review Guide provides:
  
http://fellowship.fsfe.org
+
* [[OWASP Code Review Guide Table of Contents]] from v1
 +
* [[OWASP  Code review V2 Table of Contents]]
  
*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
+
== Presentation ==
  
#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
 
#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
 
  
*Ruby: Lenguaje de programación experimental
+
== Project Leader ==
  
http://ruby-lang.org  
+
[mailto:arry.conklin@owasp.org Larry Conklin]
  
*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
+
== Related Projects ==
  
http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
+
[https://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
  
*Escritorio: Gestor de ventanas X11
+
[http://codecrawler.codeplex.com/Release/ProjectReleases.aspx Code Crawler]
  
http://windowmaker.info
+
== Ohloh ==
  
*Gnuzilla: Navegador seguro y de uso libre
 
  
http://code.google.com/p/iceweaselwindows/downloads/list
+
| valign="top"  style="padding-left:25px;width:200px;" |
  
*Gnupdf: Visor de formato de texto universal pdf
+
== Quick Download ==
  
http://blog.kowalczyk.info/software/sumatrapdf
+
* [https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf V1.1]
  
*Gnuflash: Jugador alternativo a flash player
+
== Email List ==
  
http://gnu.org/software/gnash
+
[http://lists.owasp.org/mailman/listinfo/owasp-codereview Sign up]
  
*Zinf: Reproductor de audio
+
== News and Events ==
  
http://zinf.org
 
  
*Informática forense: Análisis de datos ocultos en el disco duro
+
== In Print ==
 +
[http://www.lulu.com/content/5678680 Code Review Guide V1.1] on Lulu.
  
http://sleuthkit.org
 
  
*Compresor: Comprime datos sobreescribiendo bytes repetidos
+
==Classifications==
  
http://peazip.sourceforge.net
+
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Midlevel projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
  
*Ftp: Gestor de descarga de archivos
+
|}
 
+
http://dfast.sourceforge.net
+
 
+
*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
+
 
+
http://psmantikeyloger.sourceforge.net
+
 
+
*Password manager: Gestión de contraseñas
+
 
+
http://passwordsafe.sourceforge.net
+
 
+
*Limpiador de disco: Borra archivos innecesrios del sistema
+
 
+
http://bleachbit.sourceforge.net
+
 
+
*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
+
 
+
http://kessels.com/jkdefrag
+
 
+
*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
+
 
+
http://bb4win.org
+
 
+
*Open Hardware: Hardware construído por la comunidad Linux
+
 
+
http://open-pc.com
+
  
*Open WRT: Firmware libre para configurar transmisión de Internet
+
=FAQs=
  
http://openwrt.org
+
; Q1
 +
: A1
  
*Gnu- Linux: Sistema operativo universal
+
; Q2
 +
: A2
  
http://gnewsense.org  
+
= Acknowledgements =
 +
==Volunteers==
 +
The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking individuals to add new sections as new web technologies emerge. If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line [mailto:eoin.keary@owasp.org eoin.keary@owasp.org].
  
== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.
 
  
Implementación de la biocriptoseguridad informática:
+
= Road Map and Getting Involved =
 +
The project's overall goal is to...
  
#Amplificar la banda ancha
+
'''be a reference document for the purpose of performing code review. This project shall provide examples in the most common web application development languages (Java and C# .NET)'''
#Optimizar (limpiar- modificar) el sistema operativo
+
#Desfragmentar los discos lógicos
+
#Ocultar el sistema operativo
+
#Configurar antivirus
+
#Limpiar y desfragmentar
+
#Congelar
+
  
*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
+
In the near term, we are focused on the following tactical goals...
  
*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
+
1. Looking at each attack type and examine the anti-pattern associated with the vulnerability which makes the attack possible. This shall include code examples to guide a reviewer on what to look for.
  
*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
+
2. Looking at the code review process, how it is managed and challanges one may encounter when performing code review in the "real world".
  
Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
+
3. Looking at the code review tools available and discussing the benefits and issues of using tools.
  
*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)
+
4. See also [[Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap|Code Review Guide V2.0's Roadmap]].
*http://sourceforge.net/projects/lethe (para GNU/Linux)
+
 +
[[Category:OWASP Code Review Project]]
  
<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:  
+
==Roadmap for V2:==
  
*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
+
*'''Major enhancements''':
 +
**Introduction to be re-written,
 +
**Approach to code review (Risk based approach)to be re-written, re designed,
 +
**Examples by Vulnerability and Technical control to be expanded and refined,
 +
**Common Numbering nomenclature to be used,
 +
**Cross reference to TG and ASVS to be done,
 +
**New sections on tools to be introduced,
 +
**Expand technology specific sections,
 +
**Section on RIA (Rich Internet applications) to be introduced,
 +
**WebServices section to be refined,
 +
**Malware and rootkit sections to be introduced,
 +
**PCI section to be rewritten with more x-reference to other guides.
  
*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
+
*'''Other ideas''':
 +
**ESAPI section: how to review OWASP ESAPI implementations?
 +
**Risk based approach Vs ASVS levels,
 +
**Threat modeling and Triage chapters to be revised,
 +
**OWASP O2 section on O2 rules definition, development,
 +
**Crawling code: Additional search vectors to be added,
 +
**Section on Code Crawler, quick start & configuration guide.
  
*Red protegida: DNS libre http://namespace.org/switch
+
==Get Involved==
 +
All of the OWASP Guides are living documents that will continue to change as the threat and security landscape changes.
 +
We welcome everyone to join the Code Review Guide Project and help us make this document great. The best way to get started is to subscribe to the mailing list by following the link below. Please introduce yourself and ask to see if there is anything you can help with. We are always looking for new contributions. If there is a topic that you’d like to research and contribute, please let us know!
  
*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
+
=Project About=
 +
{{:Projects/OWASP Code Review Project| Project About}}
  
*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
+
__NOTOC__ <headertabs />
  
Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]] [[Category:OWASP Project|Code Review Project]]
 +
[[Category:OWASP Document]]
 +
[[Category:OWASP Release Quality Document]]

Revision as of 23:20, 24 July 2014

[edit]

OWASP Project Header.jpg

OWASP Code Review Guide Project

OWASP Books logo.png This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

Introduction

We are writing a new version of the OWASP code review guide.

Here is the OWASP Code review V2 Table of Contents.

Description

The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development. Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0.t

Licensing

OWASP Code Review Guide is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Spring Of Code 2007

The Code review guide is proudly sponsored by the OWASP Spring of Code (SpOC) 2007. For more information please see Spring of Code 2007

Summer of Code 2008

The Code review guide is proudly sponsored by the OWASP Summer of Code (SoC) 2008. For more information please see OWASP Summer of Code 2008.

What is the Code Review Guide?

OWASP Code Review Guide provides:

Presentation

Project Leader

Larry Conklin

Related Projects

OWASP Orizon Project

Code Crawler

Ohloh

Quick Download

Email List

Sign up

News and Events

In Print

Code Review Guide V1.1 on Lulu.


Classifications

Midlevel projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Q1
A1
Q2
A2

Volunteers

The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking individuals to add new sections as new web technologies emerge. If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line eoin.keary@owasp.org.


The project's overall goal is to...

be a reference document for the purpose of performing code review. This project shall provide examples in the most common web application development languages (Java and C# .NET)

In the near term, we are focused on the following tactical goals...

1. Looking at each attack type and examine the anti-pattern associated with the vulnerability which makes the attack possible. This shall include code examples to guide a reviewer on what to look for.

2. Looking at the code review process, how it is managed and challanges one may encounter when performing code review in the "real world".

3. Looking at the code review tools available and discussing the benefits and issues of using tools.

4. See also Code Review Guide V2.0's Roadmap.

Roadmap for V2:

  • Major enhancements:
    • Introduction to be re-written,
    • Approach to code review (Risk based approach)to be re-written, re designed,
    • Examples by Vulnerability and Technical control to be expanded and refined,
    • Common Numbering nomenclature to be used,
    • Cross reference to TG and ASVS to be done,
    • New sections on tools to be introduced,
    • Expand technology specific sections,
    • Section on RIA (Rich Internet applications) to be introduced,
    • WebServices section to be refined,
    • Malware and rootkit sections to be introduced,
    • PCI section to be rewritten with more x-reference to other guides.
  • Other ideas:
    • ESAPI section: how to review OWASP ESAPI implementations?
    • Risk based approach Vs ASVS levels,
    • Threat modeling and Triage chapters to be revised,
    • OWASP O2 section on O2 rules definition, development,
    • Crawling code: Additional search vectors to be added,
    • Section on Code Crawler, quick start & configuration guide.

Get Involved

All of the OWASP Guides are living documents that will continue to change as the threat and security landscape changes. We welcome everyone to join the Code Review Guide Project and help us make this document great. The best way to get started is to subscribe to the mailing list by following the link below. Please introduce yourself and ask to see if there is anything you can help with. We are always looking for new contributions. If there is a topic that you’d like to research and contribute, please let us know!

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Code Review Project (home page)
Purpose: The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0.

License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Code Review Guide V2.0 - January 2011 - (no download available)
Release description: A release with major enhancements and other ideas is being developed. For further info please consult the release's roadmap.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Code Review Guide V1.1 - 4 January 2009 - (download)
Release description:

This release is an expanded and improved version of the former OWASP Code Review Guide’s RC 2.0 version which contains the following additional and expanded chapters: Transactional Analysis, Threat Modelling and Analysis, Example reports and how to write one, Automated code review, Rich Internet Applications, The OWASP ESAPI, Code review Metrics, Integrating Code review with an existing SDLC.

Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release - Assessment Details


other releases

Subcategories

This category has only the following subcategory.

O

Pages in category "OWASP Code Review Project"

The following 71 pages are in this category, out of 71 total.

A

B

C

D

E

H

I

J

L

O

P

R

R cont.

S

T

X