Difference between revisions of "Project Information:template Code Review Project"

From OWASP
Jump to: navigation, search
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Code Review Project V1.1'''  
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Code Review Guide V1.1'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="7" style="width:85%; background:#cccccc" align="left"|The code review guide is currently at version RC 2.0 and the second best selling OWASP book. I have received many positive comments regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information and I have convinced such people (Alessio Marziali) to open source their tool and make it an OWASP project. The combination of a book on secure code review and a tool to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development. Proposal: I am proposing that I improve the code review guide from a number of aspects. This should place the guide as a de facto secure code review guide in the application security industry.
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.  
 +
Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
 
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:EoinKeary|'''Eoin Keary''']]
 
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:EoinKeary|'''Eoin Keary''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>[[OWASP Code Review Guide Contributors|'''See here''']]
  | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-codereview '''Subscribe here''']
+
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-codereview '''Subscribe here''']<br>[mailto:owasp-codereview(at)lists.owasp.org '''Use here''']
[mailto:owasp-codereview(at)lists.owasp.org '''Use here''']
+
  | style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
  | style="width:14%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
+
 
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Release Quality Projects|'''Documentation''']]
 
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Release Quality Projects|'''Documentation''']]
| style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]   
+
| style="width:15%; background:#cccccc" align="center"|Sponsor<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]   
 
|}
 
|}
 
{| style="width:100%" border="0" align="center"  
 
{| style="width:100%" border="0" align="center"  
Line 23: Line 24:
 
  |-
 
  |-
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Release Quality]]'''<br>[[:OWASP Code Review Project V1.1 - Assessment Frame|Please see here for complete information.]]
+
'''[[:Category:OWASP_Project_Assessment#Release Quality Documentation Criteria|Release Quality]]'''<br>[[:OWASP Code Review Project V1.1 - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
* [https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx OWASP Code Review's PowerPoint Presentation]
+
OWASP Code Review Guide V1.1 - [https://www.owasp.org/images/8/8e/OWASP_Code_Review_Guide-V1_1.doc Word] & [https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf PDF] Files - NEW RELEASE!!!<br>[https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx OWASP Code Review's PowerPoint Presentation]<br>[[:OWASP Code Review Guide Table of Contents|Code Review Guide Table of Contents]]<br>[http://www.lulu.com/content/1415989  Code Review Guide/Old Version (RC2) Book]<br>(If appropriate, links to be added)
* [[:OWASP Code Review Guide Table of Contents|Code Review Guide Table of Contents]]<br>
+
* [http://www.lulu.com/content/1415989  Code Review Guide (RC2) Book]<br>
+
* (If appropriate, links to be added)
+
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
[[:Category:OWASP Testing Project|OWASP Testing V 3.0]]<br>[[:Category:OWASP Guide Project|OWASP Development Guide Project]]<br>[[:Category:OWASP ASDR Project|OWASP ASDR Project]]
+
[[:Category:OWASP Testing Project|OWASP Testing Guide Project V 3.0]]<br>[[:Category:OWASP Guide Project|OWASP Development Guide Project]]<br>[[:Category:OWASP ASDR Project|OWASP ASDR Project]]<br>[[:Category:OWASP Code Crawler|OWASP Code Crawler]]
|}
+
 
+
 
+
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[[User:Rahimjina|'''Rahim Jina''']]
+
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[[User:Satishkumar|'''P.Satish Kumar''']]
+
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>[[User:Jeff Williams|'''Jeff Williams''']
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
* [https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx OWASP Code Review's PowerPoint Presentation]
+
* [[:OWASP Code Review Guide Table of Contents|Code Review Guide Table of Contents]]<br>
+
* [http://www.lulu.com/content/1415989  Code Review Guide (RC2) Book]<br>
+
* (If appropriate, links to be added)
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
* [http://www.cyphersec.com/software_archive/CodeCrawler.rar OWASP Code Crawler Project]<br>
+
* [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
+
|-
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#OWASP Code review guide, V1.1|'''Sponsored Project/Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' (To update)<br>---------<br>[[Project Information:template Code Review Project - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Code Review Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Code Review Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Code Review Project - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
+
|-
+
 
  |}
 
  |}
 +
----

Latest revision as of 11:00, 26 February 2009


PROJECT IDENTIFICATION
Project Name OWASP Code Review Guide V1.1
Short Project Description The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0

Project key Information Project Leader
Eoin Keary
Project Contributors
See here
Mailing List
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Documentation
Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Release Quality
Please see here for complete information.

OWASP Code Review Guide V1.1 - Word & PDF Files - NEW RELEASE!!!
OWASP Code Review's PowerPoint Presentation
Code Review Guide Table of Contents
Code Review Guide/Old Version (RC2) Book
(If appropriate, links to be added)

OWASP Testing Guide Project V 3.0
OWASP Development Guide Project
OWASP ASDR Project
OWASP Code Crawler