Difference between revisions of "Chapters Assigned"

Latest revision as of 11:17, 23 October 2007

1 Methodology
2 Design review
3 Examples by Vulnerability
4 Language specific best practice
- 4.1 .NET
- 4.2 PHP
- 4.3 MySQL
- 4.4 C/C++
5 Automating Code Reviews
6 References

Methodology

Code Review Introduction
Steps and Roles
Code Review Processes
Transaction Analysis - E Keary

Design review

Designing for security
1. - M Roxberry(.NET)
2. - Paolo Perego (Java)
3. - Andrew van der Stock (PHP)
4. - Paolo Perego (C)
5. - C++
6. - Andrew van der Stock (MySQL)
7. - Mallory (AJAX)

Examples by Vulnerability

Reviewing Code for Buffer Overruns and Overflows - 100%
Reviewing Code for OS Injection - 100%
Reviewing Code for SQL Injection - 100%
Reviewing Code for Data Validation - - 100%
Reviewing code for XSS issues - 100%
Reviewing Code for Error Handling - 100%
Reviewing Code for Logging Issues - 100%
Reviewing The Secure Code Environment - 100%
Authorization (Currently linked to "The Development Guide")
Authentication (Code review)
Session Integrity
Cross Site Request Forgery
Cryptography (Currently linked to "The Development Guide")
Dangerous HTTP Methods ( Secure deployment)
Race Conditions

Language specific best practice

.NET

PHP

Assigned to Andrew van der Stock

MySQL

Assigned to Andrew van der Stock

C/C++

Memory management (Paolo Perego)
String management (Paolo Perego)
Secure access to file system items (Paolo Perego)

Automating Code Reviews

Preface
Reasons for using automated tools
Education and cultural change
Tool Deployment Model
Code Auditor Workbench Tool (100%)

@@ Line 4: / Line 4: @@
 #Steps and Roles
 #Code Review Processes
+#Transaction Analysis - E Keary
 == Design review ==
 #Designing for security
 ## - M Roxberry(.NET)
-## - P Perego (Java)
+## - Paolo Perego (Java)
-## - PHP
+## - Andrew van der Stock (PHP)
-## - P Perego (C)
+## - Paolo Perego (C)
 ## - C++
-## - MySQL
+## - Andrew van der Stock (MySQL)
+## - Mallory (AJAX)
 ==Examples by Vulnerability==
-#Reviewing Code for Buffer Overruns and Overflows - 70%
+#Reviewing Code for Buffer Overruns and Overflows - 100%
-#Reviewing Code for OS Injection - 70%
+#Reviewing Code for OS Injection - 100%
-#Reviewing Code for SQL Injection - 70%
+#Reviewing Code for SQL Injection - 100%
-#Reviewing Code for Data Validation - 70%
+#Reviewing Code for Data Validation - - 100%
-#Reviewing Code for Error Handling - 70%
+#Reviewing code for XSS issues - 100%
-#Reviewing Code for Logging Issues - 70%
+#Reviewing Code for Error Handling - 100%
-#Reviewing The Secure Code Environment - E Keary
+#Reviewing Code for Logging Issues - 100%
-#Transaction Analysis - E Keary
+#Reviewing The Secure Code Environment - 100%
 #Authorization (Currently linked to "The Development Guide")
 #Authentication (Code review)
@@ Line 28: / Line 30: @@
 #Cross Site Request Forgery
 #Cryptography (Currently linked to "The Development Guide")
-#Dangerous HTTP Methods
+#Dangerous HTTP Methods ( Secure deployment)
 #Race Conditions
 == Language specific best practice ==
-===Java===
-#Inner classes
-#Class comparison
-#Cloneable classes
-#Serializable classes
-#Package scope and encapsulation
-#Mutable objects
-#Private methods & circumvention
 ===.NET===
 ===PHP===
+Assigned to Andrew van der Stock
 ===MySQL===
-===Stored Procs===
+Assigned to Andrew van der Stock
-===C===
+===C/C++===
-===C++===
+# Memory management (Paolo Perego)
+# String management (Paolo Perego)
+# Secure access to file system items (Paolo Perego)
 ==Automating Code Reviews==
@@ Line 57: / Line 57: @@
 #Education and cultural change
 #Tool Deployment Model
+#Code Auditor Workbench Tool (100%)
 ==References==

Difference between revisions of "Chapters Assigned"

Latest revision as of 11:17, 23 October 2007

Methodology

Design review

Examples by Vulnerability

Language specific best practice

.NET

PHP

MySQL

C/C++

Automating Code Reviews

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools