Difference between revisions of "OWASP Code Review Guide Table of Contents"

From OWASP
Jump to: navigation, search
(Title case: "Reviewing Code for Cross-site scripting" -> "Reviewing Code for Cross-Site Scripting", also relinking to an article reflecting the new name.)
m (Switched a link from article to navigation shell)
 
(13 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
 
__NOTOC__
 
__NOTOC__
  
Line 4: Line 9:
 
==[[Code Review Guide Foreword|Foreword by OWASP Chair]]==
 
==[[Code Review Guide Foreword|Foreword by OWASP Chair]]==
  
==[[Code Review Guide Frontispiece |Frontispiece]]==
+
==Frontispiece==
  
 
* [[Code Review Guide Frontispiece|About the OWASP Code Review Project]]
 
* [[Code Review Guide Frontispiece|About the OWASP Code Review Project]]
* [[About The Open Web Application Security Project|About The Open Web Application Security Project]]
+
* [[OCRG1.1:About The Open Web Application Security Project|About The Open Web Application Security Project]]
  
 
==Guide History==
 
==Guide History==
Line 15: Line 20:
  
 
*[[Code Review Introduction|Introduction]]
 
*[[Code Review Introduction|Introduction]]
*[[Preparation]]
+
*[[Code Review Preparation|Preparation]]
 
*[[Security Code Review in the SDLC]]
 
*[[Security Code Review in the SDLC]]
 
*[[Security Code Review Coverage]]
 
*[[Security Code Review Coverage]]
*[[Application Threat Modeling]]
+
*[[OCRG1.1:Application Threat Modeling|Application Threat Modeling]]
 
*[[Code Review Metrics]]
 
*[[Code Review Metrics]]
  
Line 30: Line 35:
 
* [[Code Reviews and Compliance]]
 
* [[Code Reviews and Compliance]]
  
==Examples by technical control==
+
==Examples by Technical Control==
 
* [[Codereview-Authentication|Authentication]]
 
* [[Codereview-Authentication|Authentication]]
 
* [[Codereview-Authorization|Authorization]]
 
* [[Codereview-Authorization|Authorization]]
Line 39: Line 44:
 
* [[Codereview-Cryptographic_Controls|Cryptographic Controls]]
 
* [[Codereview-Cryptographic_Controls|Cryptographic Controls]]
  
==Examples by vulnerability==
+
==Examples by Vulnerability==
 
* [[Reviewing Code for Buffer Overruns and Overflows]]
 
* [[Reviewing Code for Buffer Overruns and Overflows]]
 
* [[Reviewing Code for OS Injection]]
 
* [[Reviewing Code for OS Injection]]
Line 45: Line 50:
 
* [[Reviewing Code for Data Validation]]
 
* [[Reviewing Code for Data Validation]]
 
* [[Reviewing Code for Cross-Site Scripting]]
 
* [[Reviewing Code for Cross-Site Scripting]]
* [[Reviewing code for Cross-Site Request Forgery issues]]
+
* [[Reviewing Code for Cross-Site Request Forgery]]
 
* [[Reviewing Code for Logging Issues]]
 
* [[Reviewing Code for Logging Issues]]
* [[Reviewing Code for Session Integrity issues]]
+
* [[Reviewing Code for Session Integrity]]
 
* [[Reviewing Code for Race Conditions]]
 
* [[Reviewing Code for Race Conditions]]
  
== Language specific best practice ==
+
== Language Specific Best Practice ==
  
 
===Java===
 
===Java===
*[[Java gotchas]]
+
*[[Java Gotchas]]
*[[Java leading security practice]]
+
*[[Leading Java Security Practice]]
  
 
===Classic ASP===
 
===Classic ASP===
*[[Classic_ASP_Design_Mistakes]]
+
*[[Classic ASP Design Mistakes]]
  
 
===PHP===
 
===PHP===
*[[PHP Security Leading Practice]]
+
*[[Leading PHP Security Practice]]
  
 
===C/C++===
 
===C/C++===
Line 69: Line 74:
  
 
===Rich Internet Applications===
 
===Rich Internet Applications===
*[[Flash Applications]]
+
*[[Reviewing Flash Applications]]
*[[AJAX Applications]]
+
*[[Reviewing AJAX Applications]]
 
*[[Reviewing Web Services]]
 
*[[Reviewing Web Services]]
  
Line 87: Line 92:
  
 
==[[References]]==
 
==[[References]]==
 +
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
  
 
[[Category:OWASP Code Review Project]]
 
[[Category:OWASP Code Review Project]]

Latest revision as of 10:27, 9 September 2010

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»


Foreword by OWASP Chair

Frontispiece

Guide History

Methodology

Crawling Code

Code Reviews and PCI DSS

Examples by Technical Control

Examples by Vulnerability

Language Specific Best Practice

Java

Classic ASP

PHP

C/C++

MySQL

Rich Internet Applications

Example Reports

Automating Code Reviews

The Owasp Code Review Top 9

The Owasp Code Review Scoring System

References

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»