This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Code Review Guide Table of Contents"
From OWASP
(Removed the link from the "Frontispiece" section title because it and the title of the first article it contained were duplicate links. Also, no other section containing articles has a link title.) |
m (Switched a link from article to navigation shell) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
* [[Code Review Guide Frontispiece|About the OWASP Code Review Project]] | * [[Code Review Guide Frontispiece|About the OWASP Code Review Project]] | ||
− | * [[About The Open Web Application Security Project|About The Open Web Application Security Project]] | + | * [[OCRG1.1:About The Open Web Application Security Project|About The Open Web Application Security Project]] |
==Guide History== | ==Guide History== | ||
Line 20: | Line 20: | ||
*[[Code Review Introduction|Introduction]] | *[[Code Review Introduction|Introduction]] | ||
− | *[[Preparation]] | + | *[[Code Review Preparation|Preparation]] |
*[[Security Code Review in the SDLC]] | *[[Security Code Review in the SDLC]] | ||
*[[Security Code Review Coverage]] | *[[Security Code Review Coverage]] | ||
− | *[[Application Threat Modeling]] | + | *[[OCRG1.1:Application Threat Modeling|Application Threat Modeling]] |
*[[Code Review Metrics]] | *[[Code Review Metrics]] | ||
Latest revision as of 15:27, 9 September 2010
[This is the first page] | Principal
(Table of Contents) |
»»Foreword by OWASP Chair»» |
Foreword by OWASP Chair
Frontispiece
Guide History
Methodology
- Introduction
- Preparation
- Security Code Review in the SDLC
- Security Code Review Coverage
- Application Threat Modeling
- Code Review Metrics
Crawling Code
- Crawling Code
- Searching for Code in J2EE/Java
- Searching for Code in Classic ASP
- JavaScript/Web 2.0 Keywords and Pointers
Code Reviews and PCI DSS
Examples by Technical Control
- Authentication
- Authorization
- Session Management
- Input Validation
- Error Handling
- Secure Deployment
- Cryptographic Controls
Examples by Vulnerability
- Reviewing Code for Buffer Overruns and Overflows
- Reviewing Code for OS Injection
- Reviewing Code for SQL Injection
- Reviewing Code for Data Validation
- Reviewing Code for Cross-Site Scripting
- Reviewing Code for Cross-Site Request Forgery
- Reviewing Code for Logging Issues
- Reviewing Code for Session Integrity
- Reviewing Code for Race Conditions
Language Specific Best Practice
Java
Classic ASP
PHP
C/C++
MySQL
Rich Internet Applications
Example Reports
Automating Code Reviews
The Owasp Code Review Top 9
The Owasp Code Review Scoring System
References
[This is the first page] | Principal
(Table of Contents) |
»»Foreword by OWASP Chair»» |