Difference between revisions of "Project Information:template Code Review Project"

From OWASP
Jump to: navigation, search
 
(38 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
+
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Code Review Project V1.1'''  
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Code Review Guide V1.1'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|The code review guide is currently at version RC 2.0 and the second best selling OWASP book. I have received many positive comments regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information and I have convinced such people (Alessio Marziali) to open source their tool and make it an OWASP project. The combination of a book on secure code review and a tool to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development. Proposal: I am proposing that I improve the code review guide from a number of aspects. This should place the guide as a de facto secure code review guide in the application security industry.
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.  
 +
Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0
 
  |-
 
  |-
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:eoin.keary(at)owasp.org '''Eoin Keary''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:EoinKeary|'''Eoin Keary''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>[[OWASP Code Review Guide Contributors|'''See here''']]
  | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-codereview '''Mailing List/Subscribe''']
+
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-codereview '''Subscribe here''']<br>[mailto:owasp-codereview(at)lists.owasp.org '''Use here''']
[mailto:owasp-codereview(at)lists.owasp.org '''Mailing List/Use''']
+
  | style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:rahim.jina(at)ie.ey.com '''Rahim Jina''']<br>[[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Rahim Jina Curriculum|Curriculum]]
+
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Release Quality Projects|'''Documentation''']]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:psatishkumar(at)gmail.com '''P.Satish Kumar''']<br>[[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Rahim Jina Curriculum|Curriculum]]
+
| style="width:15%; background:#cccccc" align="center"|Sponsor<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]   
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']
+
|}
|}
+
{| style="width:100%" border="0" align="center"  
{| style="width:100%" border="0" align="center"
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status'''  
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''
|-
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''  
| style="width:100%; background:#cccccc" align="center"|
+
* [https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx OWASP Code Review's PowerPoint Presentation]
+
* [[:OWASP Code Review Guide Table of Contents|Code Review Guide Table of Contents]]<br>
+
* [http://www.lulu.com/content/1415989  Code Review Guide (RC2) Book]<br>
+
* (If appropriate, links to be added)
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''  
+
|-
+
  | style="width:100%; background:#cccccc" align="center"|
+
* [http://www.cyphersec.com/software_archive/CodeCrawler.rar OWASP Code Crawler Project]<br>
+
* [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''  
+
|-
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]  
+
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#OWASP Code review guide, V1.1|'''Sponsored Project/Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
  ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
  | style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' (To update)<br>---------<br>[[Project Information:template Code Review Project - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Code Review Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Code Review Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Code Review Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release'''<br>'''Season of Code - 2008'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Release<br>'''Season of Code - 2008'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Code Review Project - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
+
 
  |-
 
  |-
 +
| style="width:29%; background:#cccccc" align="center"|
 +
'''[[:Category:OWASP_Project_Assessment#Release Quality Documentation Criteria|Release Quality]]'''<br>[[:OWASP Code Review Project V1.1 - Assessment Frame|Please see here for complete information.]]
 +
| style="width:42%; background:#cccccc" align="center"|
 +
OWASP Code Review Guide V1.1 - [https://www.owasp.org/images/8/8e/OWASP_Code_Review_Guide-V1_1.doc Word] & [https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf PDF] Files - NEW RELEASE!!!<br>[https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx OWASP Code Review's PowerPoint Presentation]<br>[[:OWASP Code Review Guide Table of Contents|Code Review Guide Table of Contents]]<br>[http://www.lulu.com/content/1415989  Code Review Guide/Old Version (RC2) Book]<br>(If appropriate, links to be added)
 +
| style="width:29%; background:#cccccc" align="center"|
 +
[[:Category:OWASP Testing Project|OWASP Testing Guide Project V 3.0]]<br>[[:Category:OWASP Guide Project|OWASP Development Guide Project]]<br>[[:Category:OWASP ASDR Project|OWASP ASDR Project]]<br>[[:Category:OWASP Code Crawler|OWASP Code Crawler]]
 
  |}
 
  |}
 +
----

Latest revision as of 11:00, 26 February 2009


PROJECT IDENTIFICATION
Project Name OWASP Code Review Guide V1.1
Short Project Description The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0

Project key Information Project Leader
Eoin Keary
Project Contributors
See here
Mailing List
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Documentation
Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Release Quality
Please see here for complete information.

OWASP Code Review Guide V1.1 - Word & PDF Files - NEW RELEASE!!!
OWASP Code Review's PowerPoint Presentation
Code Review Guide Table of Contents
Code Review Guide/Old Version (RC2) Book
(If appropriate, links to be added)

OWASP Testing Guide Project V 3.0
OWASP Development Guide Project
OWASP ASDR Project
OWASP Code Crawler