Difference between revisions of "OWASP Code review V2 Project"

Line 21: Line 21:
 
Authors and Reviewers use to TOC to take ownership of content you want to write about or review. Please attach your name here and put link to your content here.
 
Authors and Reviewers use to TOC to take ownership of content you want to write about or review. Please attach your name here and put link to your content here.
  
Link to TOC [[https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents]]
+
Click Link to go to Table of Contents for Code Review Guide  [[https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents]]
  
 
== Content Template ==
 
== Content Template ==
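Review bot: the changed line at "Line 21" still wraps an external URL in wiki-link double brackets ("[[https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents]]"), so MediaWiki renders the inner single-bracket URL as an auto-numbered external link and leaves the outer brackets as literal text; the rendered page below shows exactly this as "[[1]]", and the new wording does not fix it. Suggest an internal link such as "[[OWASP Code review V2 Table of Contents|Table of Contents]]" or, if the full URL is wanted, the external-link form "[https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents Table of Contents]" so the link carries a readable label.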

Revision as of 10:31, 20 November 2013

Overview

Welcome to the continuation of the OWASP Code Review Guide Project! The aim of the Code Review Guide Project 2.0 is to bring the successful OWASP Code Review Guide up to date.

Project Lead

Eoin Keary is continuing his successful leadership as the technical lead of the Code Review Guide Project.

Larry Conklin is the co-leader and project support person.


Email List

You can sign up for the OWASP Code Review Guide Project email lists (the general Code Review Guide mailing list and the authors' list) at:

http://lists.owasp.org/mailman/listinfo/owasp-codereview  
http://lists.owasp.org/mailman/listinfo/owasp_code_review_guide_authors

Table of Contents for Code Review Guide

Authors and Reviewers: use the TOC to take ownership of the content you want to write about or review. Please add your name there and link to your content.

Click this link to go to the Table of Contents for the Code Review Guide: https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents

Content Template

General template to be used by Code Review Guide authors.

Section Title

  • Abstract
  • Description of the issue/control.

Anti-Pattern – How to identify vulnerable code

  • Typical API calls used
  • Vulnerable syntax
  • Java/.NET imports generally found related to the issue
  • Possible solutions
    • Refer to the Development Guide.
    • Borrow from the Cheat Sheet series. Don't copy from the internet; original work only.
    • Typical suggestions.

Working Notes For Authors

  • Work in the wiki
    • This shares your workings and progress with other authors who might wish to collaborate on the topic.
  • Don't wait until your writing is complete to add to the wiki
    • Feel free to put outlines, thoughts, rough passages, etc. in the wiki as you go along. Again, this shows your work on the section and lets other authors (who might need to reference your section in the completed document) know what you plan to cover.
  • Reach out to co-authors
    • If two or more authors have signed up for a particular section, those authors should contact each other to coordinate how the section should be written (see the e-mail addresses below).
  • Our aim is to have a full review draft of all sections by September 2013
    • Reviewing the document sections will take time, and this important task cannot be left until the last minute. If all sections are ready for review by September 14th, we will have around two months to perform reviews (and pick up any slack).

Writing Style/Notes

  • References

We are using the APA style of referencing our sources for the Code Review Guide V2. Please use this style when referencing any sources for your sections. See the APA Style site (http://www.apastyle.org/) for examples and more information, and reach out to the mailing list with any questions.

Try to reference other sections of the Code Review Guide first; otherwise, try to reference other parts of the OWASP web site or other OWASP projects. If your reference does not fit into the OWASP documentation, then reference outside (internet) materials, being careful not to mention specific vendors or brands.


Code Review Guide Authors and Reviewers

  • Larry Conklin
  • Johanna Curiel
  • Eoin Keary
  • Islam Azeddine Mennouchi
  • Abbas Naderi
  • Carlos Pantelides
  • Ashish Rao
  • Gary David Robinson
  • Colin Watson
  • Mghazli Zyad