Code Review Guide Frontispiece
Welcome to the OWASP Code Review Guide 1.1
“my children, the internet is broken, can we fix this mess?”
-- Eoin Keary, OWASP Code Review Guide Lead Author & Editor
OWASP thanks the authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Code review Guide, please e-mail the Code review Guide mail list:
Copyright and License
Copyright (c) 2008 The OWASP Foundation.
This document is released under the Creative Commons 2.5 License. Please read and understand the license and copyright conditions.
The Code review guide originated in 2006 and an splinter project from the testing guide. It was concieved by Eoin Keary in 2005 and transformed into a wiki.
- September 30, 2007
- "OWASP Code Review Guide", Version 1.0 (RC1)
- December 22, 2007
- ""OWASP Code Review Guide", Version 1.0 (RC2)
- November 01, 2008
- "OWASP Code Review Guide", Version 1.1 (Release)
Eoin Keary: OWASP Code Review Guide 2005- Present
Jenelle Chapman Andrew van der Stock Eoin Keary Paolo Perego David Lowry David Rook
Dinis Cruz Jeff Williams
Jeff Williams Rahim Jina
- Java, Java Web Server, and JSP are registered trademarks of Sun Microsystems, Inc.
- Microsoft is a registered trademark of Microsoft Corporation.
- OWASP is a registered trademark of the OWASP Foundation
All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.
| This project has produced a book that can be downloaded or purchased.|
Feel free to browse the full catalog of available OWASP books.
OWASP Code Review Guide V2.0
We are writing a new version of the OWASP code review guide. []
Summer of Code 2008
The Code review guide is proudly sponsored by the OWASP Summer of Code (SoC) 2008. For more information please see OWASP Summer of Code 2008.
Code Review Guide V1.1 Completed
The code review guide has been completed and is available here http://www.lulu.com/content/5678680 as a bound book.
Code review tool
The following link is for the new version of Code Crawler, code review tool which examines code for keywords discussed in the section "Crawling Code". It support Java and .NET code:
Owasp Orizon Code review engine
The Owasp Orizon Project is born in 2006 to provide a set of APIs to provide an opensource engine to provide static analysis services to developers that wants to build a code review tool.
The Owasp Orizon will evolve accordingly in order to implement security checks described in the Code Review Guide. With the framework a UI is also provided in order to give people a standalone tool to realize code review for the security flaws listed in the "The Owasp Code Review Top 9"
The Owasp Orizon main page is available here: Category:OWASP_Orizon_Project
Source code is hosted at Sourceforge.net site: http://orizon.sourceforge.net
Spring Of Code 2007
The Code review guide is proudly sponsored by the OWASP Spring of Code (SpOC) 2007. For more information please see Spring of Code 2007
The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking individuals to add new sections as new web technologies emerge. If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:email@example.com
Join the Code Review Team
All of the OWASP Guides are living documents that will continue to change as the threat and security landscape changes.
We welcome everyone to join the Code Review Guide Project and help us make this document great. The best way to get started is to subscribe to the mailing list by following the link below. Please introduce yourself and ask to see if there is anything you can help with. We are always looking for new contributions. If there is a topic that you’d like to research and contribute, please let us know!
View the OWASP Code Review Project Roadmap
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?