Difference between revisions of "OWASP Code review V2 Table of Contents"

From OWASP
Line 44: Line 44:
 
# Author - Open
 
# Author - Open
 
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Preparation]]
 
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Preparation]]
 +
====Application Threat Modeling====
 +
#Author - Andy, Renchie Joan
 +
## Previous version to be updated: [[https://www.owasp.org/OCRG1.1:Application_Threat_Modeling]]
 +
====Understanding Code layout/Design/Architecture====
 +
#Author - Ashish Rao
 +
===SDLC Integration===
 +
#Author - Andy, Ashish Rao
 +
## Previous version to be updated: [[https://www.owasp.org/index.php/Security_Code_Review_in_the_SDLC]]
 +
====Deployment Models====
 +
=====Secure deployment configurations====
 +
#Author - Ashish Rao
 +
## New Section
 +
=====Metrics and code review=====
 +
#Author - Andy
 +
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Metrics]]
 +
=====Source and sink reviews=====
 +
#Author - Ashish Rao
 +
## New Section
 +
=====Code review Coverage=====
 +
#Author - Open
 +
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Coverage]]
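
Review bot: The added heading `=====Secure deployment configurations====` opens with five `=` and closes with four, so its delimiters are unbalanced; close it with five to match the other level-5 headings. While there, check the nesting: `=====Metrics and code review=====`, `=====Source and sink reviews=====` and `=====Code review Coverage=====` are all level 5 and so sit under `====Deployment Models====`, which does not look intended for metrics or coverage. The added `#Author` lines also drop the space after `#` that the unchanged `# Author - Open` line uses.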

Revision as of 21:25, 17 April 2013

Contents

OWASP Code Review Guide v2.0:

Foreword

  1. Author - Eoin Keary
    1. Previous version to be updated:[[1]]

Code Review Guide History

  1. Author - Eoin Keary
    1. Previous version to be updated:[[2]]

Introduction

  1. Author - Eoin Keary

What is source code review and Static Analysis

  1. Author - Zyad Mghazli
    1. New Section

Manual Review - Pros and Cons

  1. Author - Ashish Rao
    1. New Section
      1. Suggestion: Benchmark of different Static Analysis Tools Zyad Mghazli

Why code review

Scope and Objective of secure code review

  1. Author - Ashish Rao

We can't hack ourselves secure

  1. Author - Prathamesh Mhatre
    1. New Section

360 Review: Coupling source code review and Testing / Hybrid Reviews

  1. Author - Ashish Rao
    1. New Section

Can static code analyzers do it all?

  1. Author - Ashish Rao
    1. New Section

Methodology

The code review approach

  1. Author - Prathamesh Mhatre

Preparation and context

  1. Author - Open
    1. Previous version to be updated: [[3]]

Application Threat Modeling

  1. Author - Andy, Renchie Joan
    1. Previous version to be updated: [[4]]

Understanding Code layout/Design/Architecture

  1. Author - Ashish Rao

SDLC Integration

  1. Author - Andy, Ashish Rao
    1. Previous version to be updated: [[5]]

Deployment Models

Secure deployment configurations

  1. Author - Ashish Rao
    1. New Section

Metrics and code review

  1. Author - Andy
    1. Previous version to be updated: [[6]]

Source and sink reviews

  1. Author - Ashish Rao
    1. New Section

Code review Coverage

  1. Author - Open
    1. Previous version to be updated: [[7]]