Difference between revisions of "OWASP Code review V2 Table of Contents"

From OWASP
Jump to: navigation, search
Line 80: Line 80:
 
## Previous version to be updated: [[https://www.owasp.org/index.php/Crawling_Code]]
 
## Previous version to be updated: [[https://www.owasp.org/index.php/Crawling_Code]]
 
*API of Interest:
 
*API of Interest:
***Java
+
**Java
 
***.NET
 
***.NET
 
***PHP
 
***PHP
 
***RUBY
 
***RUBY
 +
*frameworks:
 +
**Spring
 +
**.NET MVC
 +
**Structs
 +
**Zend
 +
#New Section
 +
*Searching for code in C/C++
 +
#Author - Gaz Robinson
 +
====Code reviews and Compliance====
 +
#Author -Manual Harti
 +
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Reviews_and_Compliance]]

Revision as of 21:42, 17 April 2013

Contents

OWASP Code Review Guide v2.0:

Forward

  1. Author Eoin Keary
    1. Previous version to be updated:[[1]]

Code Review Guide History

  1. Author - Eoin Keary
    1. Previous version to be updated:[[2]]

Introduction

  1. Author - Eoin Keary

What is source code review and Static Analysis

  1. Author - Zyad Mghazli
    1. New Section

Manual Review - Pros and Cons

  1. Author - Ashish Rao
    1. New Section
      1. Suggestion: Benchmark of different Stataic Analysis Tools Zyad Mghazli

Why code review

Scope and Objective of secure code review

  1. Author - Ashish Rao

We can't hack ourselves secure

  1. Author - Prathamesh Mhatre
    1. New Section

360 Review: Coupling source code review and Testing / Hybrid Reviews

  1. Author - Ashish Rao
    1. New Section

Can static code analyzers do it all?

  1. Author - Ashish Rao
    1. New Section

Methodology

The code review approach

  1. Author - Prathamesh Mhatre

Preparation and context

  1. Author - Open
    1. Previous version to be updated: [[3]]

Application Threat Modeling

  1. Author - Andy, Renchie Joan
    1. Previous version to be updated: [[4]]

Understanding Code layout/Design/Architecture

  1. Author - Ashish Rao

SDLC Integration

  1. Author - Andy, Ashish Rao
    1. Previous version to be updated: [[5]]

Deployment Models

Secure deployment configurations
  1. Author - Ashish Rao
    1. New Section
Metrics and code review
  1. Author - Andy
    1. Previous version to be updated: [[6]]
Source and sink reviews
  1. Author - Ashish Rao
    1. New Section
Code review Coverage
  1. Author - Open
    1. Previous version to be updated: [[7]]
Design Reviews
  1. Author - Ashish Rao
  • Why to review design?
    • Building security in design - secure by design principle
    • Design Areas to be reviewed
    • Common Design Flaws
A Risk based approach to code review
  1. Author - Renchie Joan
  2. New Section
  • "Doing things right or doing the right things..."
    • "Not all bugs are equal

Crawling code

  1. Author - Abbas Naderi
    1. Previous version to be updated: [[8]]
  • API of Interest:
    • Java
      • .NET
      • PHP
      • RUBY
  • frameworks:
    • Spring
    • .NET MVC
    • Structs
    • Zend
  1. New Section
  • Searching for code in C/C++
  1. Author - Gaz Robinson

Code reviews and Compliance

  1. Author -Manual Harti
    1. Previous version to be updated: [[9]]