Difference between revisions of "Projects/OWASP Code Review Project/Releases/Code Review Guide V1.1"

Line 2: Line 2:
 
| project_name = OWASP Code Review Project
 
| project_name = OWASP Code Review Project
 
| project_home_page = :Category:OWASP Code Review Project
 
| project_home_page = :Category:OWASP Code Review Project
 +
 
| release_name = Code Review Guide V1.1
 
| release_name = Code Review Guide V1.1
| release_date = To be filled in
+
| release_date = 4 January 2009
| release_description = To be filled in
+
| release_download_link = https://www.owasp.org/images/8/8e/OWASP_Code_Review_Guide-V1_1.doc
 +
 
 +
| release_description = <br>
 +
 
 +
Additional and expanded Chapters:<br>
 +
 
 +
'''Transactional analysis'''<br>
 +
Expand chapter.<br>
 +
Examples via diagrams.<br>
 +
 +
'''Threat Modeling and Analysis'''<br>
 +
The approach to examining an application to be reviewed.<br>
 +
Focusing on areas of interest.<br>
 +
 
 +
'''Example reports and how to write one'''<br>
 +
How to determine the risk level of a finding.<br>
 +
 
 +
'''Automated code review''' <br>
 +
Code crawler documentation and usage.<br>
 +
 
 +
'''Rich Internet Applications'''<br>
 +
Expanded chapters on Flash, Ajax.<br>
 +
 
 +
'''The OWASP ESAPI (Enterprise Security API)'''<br>
 +
What it is, Why use it. What to review.<br>
 +
 
 +
'''Code review Metrics:'''<br>
 +
How to compile, use and analyse metrics.<br>
 +
Rolling out metrics in the Enterprise.<br>
 +
 
 +
'''Integrating Code review with an existing SDLC'''
 +
Integration of Secure Code review with an existing SDLC.<br>
 +
Secure Code review roadmap definition.<br>
 +
Documentation requirements.<br>
 +
Scope definition.<br>
 +
SDLC steering comittee establishment.<br>
 +
Performace criteria, benchmarks and metrics.<br>
 +
Integration of SDLC results into key IT governance areas.<br>
 +
Critical success factors.<br>
  
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
| release_download_link =
+
 
| leader_name1 = Eoin Keary
 
| leader_name1 = Eoin Keary
 
| leader_username1 = EoinKeary
 
| leader_username1 = EoinKeary
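Review bot: the new release_description text carries two spelling errors, "comittee" (should be "committee") and "Performace" (should be "Performance"), and the heading line "'''Integrating Code review with an existing SDLC'''" is the only heading without a trailing `<br>`, so in the rendered page it runs together with the sentence that follows it; add the `<br>` to match the other headings.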
Line 37: Line 76:
  
 
| release_notes = http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Code_review_guide.2C_V1.1
 
| release_notes = http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Code_review_guide.2C_V1.1
| links_url1 =  
+
 
| links_name1 =  
+
| links_url1 = http://www.owasp.org/index.php/Project_Information:template_Code_Review_Project
 +
| links_name1 = Former Project About Tab
 +
 
 +
| links_url2 = http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Contributors
 +
| links_name2 = Code Review Guide V1.1 - List of Contributors
 +
 
 +
| links_url3 = https://www.owasp.org/images/8/8e/OWASP_Code_Review_Guide-V1_1.doc
 +
| links_name3 = OWASP Code Review Guide V1.1 - Word file
 +
 
 +
| links_url4 = https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf
 +
| links_name4 = OWASP Code Review Guide V1.1 - PDF file
 +
 
 +
| links_url5 = http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents
 +
| links_name5 = Code Review Guide Table of Contents
 +
 
}}
 
}}
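Review bot: links_url3 repeats the exact URL already given in release_download_link, so the Word file is listed twice on the page; if the duplication is intended as a "Main links" entry it is harmless, otherwise drop one. The link scheme is also mixed (links_url1, 2 and 5 use http, 3 and 4 use https); pick one for consistency.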

Revision as of 12:15, 25 August 2010


what is this release?
Code Review Guide V1.1 - 4 January 2009 - (download)
Release Description:

Additional and expanded Chapters:

Transactional analysis
Expand chapter.
Examples via diagrams.

Threat Modeling and Analysis
The approach to examining an application to be reviewed.
Focusing on areas of interest.

Example reports and how to write one
How to determine the risk level of a finding.

Automated code review
Code crawler documentation and usage.

Rich Internet Applications
Expanded chapters on Flash, Ajax.

The OWASP ESAPI (Enterprise Security API)
What it is, why use it, and what to review.

Code review Metrics:
How to compile, use and analyse metrics.
Rolling out metrics in the Enterprise.

Integrating Code review with an existing SDLC
Integration of Secure Code review with an existing SDLC.
Secure Code review roadmap definition.
Documentation requirements.
Scope definition.
SDLC steering committee establishment.
Performance criteria, benchmarks and metrics.
Integration of SDLC results into key IT governance areas.
Critical success factors.

Release License: Creative Commons Attribution Share Alike 3.0
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Stable Release - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.