Chapters Assigned

2007-01-18T02:55:14Z

Mallory: /* Design review */

==Methodology==

#Code Review Introduction
#Steps and Roles
#Code Review Processes

== Design review ==
#Designing for security
## - M Roxberry(.NET)
## - Paolo Perego (Java)
## - Andrew van der Stock (PHP)
## - Paolo Perego (C)
## - C++
## - Andrew van der Stock (MySQL)
## - Mallory (AJAX)

==Examples by Vulnerability==
#Reviewing Code for Buffer Overruns and Overflows - 70%
#Reviewing Code for OS Injection - 70%
#Reviewing Code for SQL Injection - 70%
#Reviewing Code for Data Validation - Jenelle Chapman / E Keary
#Reviewing Code for Error Handling - Jenelle Chapman
#Reviewing Code for Logging Issues - 70%
#Reviewing The Secure Code Environment - E Keary
#Transaction Analysis - E Keary
#Authorization (Currently linked to "The Development Guide")
#Authentication (Code review)
#Session Integrity
#Cross Site Request Forgery
#Cryptography (Currently linked to "The Development Guide")
#Dangerous HTTP Methods ( Secure deployment)
#Race Conditions

== Language specific best practice ==

===Java===
#Inner classes (Paolo Perego)
#Class comparison (Paolo Perego)
#Cloneable classes (Paolo Perego)
#Serializable classes (Paolo Perego)
#Package scope and encapsulation (Paolo Perego)
#Mutable objects (Paolo Perego)
#Private methods & circumvention (Paolo Perego)

===.NET===

===PHP===

Assigned to Andrew van der Stock

===MySQL===

Assigned to Andrew van der Stock

===Stored Procs===

===C/C++===

# Memory management (Paolo Perego)
# String management (Paolo Perego)
# Secure access to file system items (Paolo Perego)

==Automating Code Reviews==
#Preface
#Reasons for using automated tools
#Education and cultural change
#Tool Deployment Model

==References==

OWASP - User contributions [en]

Chapters Assigned