This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Code Review Project"
(→Downloads) |
(Slight update) |
||
(199 intermediate revisions by 21 users not shown) | |||
Line 1: | Line 1: | ||
− | == | + | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div> |
+ | <div style="border:0,margin:0;overflow: hidden;"> | ||
+ | {{OWASP Defenders}} {{OWASP Book|5691953}} | ||
+ | <div style="margin: 5px; padding: 5px; float: left; width:70%">{{Social Media Links}} </div> | ||
+ | </div> | ||
+ | =Code Review Guide= | ||
+ | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
+ | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | ==The Release Candidate for the OWASP Code Review Guide is now available!== | ||
+ | Please forward to all the developers and development teams you know!! We would like to immediately start raising awareness about this OWASP resource. | ||
+ | We plan to release the final version in Aug. 2017 after a public comment period ending July 31, 2017. | ||
− | + | Thank you, | |
− | + | Larry Conklin, Gary Robinson | |
− | + | OWASP Code Review Guides Co-Leaders | |
− | == | + | ==Introduction== |
+ | OWASP Code Review Guide is a technical book written for those responsible for code reviews (management, developers, security professionals). The primarily focus of this book has been divided into two main sections. Section one is why and how of code reviews and sections two is devoted to what vulnerabilities need to be to look for during a manual code review. While security scanners are improving every day the need for manual security code reviews still needs to have a prominent place in organizations SDLC (Secure development life cycle) that desires good secure code in production. | ||
− | + | Second sections deals with vulnerabilities. It is based on the poplar OWASP 2013 top 10. Here you will find most of the code examples for both on what not to do and on what to do. A word of caution on code examples; Perl is famous for its saying that there are 10,000 ways to do one thing. The same is true for C#, PHP and Java or any other computer language. Now add in "Object-Oriented Programming" and if we are using design patterns or even what designs patterns are being used and sample code becomes very “iff” in what to write. We tried to keep the sample code so code reviews can see red flags and not “do it my way or else”. | |
− | |||
+ | The last section is the appendix. Here we have content like code reviewer check list, etc. of items that really don’t flow in book form but needed to be included to make the code review guide compete. | ||
+ | ==Review of Code Review Guide 2.0== | ||
+ | Constructive comments on this OWASP Code Review Release Candidate should be forwarded via email to [email protected]. Private comments may be sent to [email protected] or [email protected] . All comments are welcome. All comments should indicate the specific relevant page and section. | ||
− | + | All feedback is critical to the continued success of the OWASP Code Review Guide. | |
− | |||
− | == | + | ==Licensing== |
+ | OWASP Code Review Guide is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | ||
− | |||
− | + | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | |
− | [[Category:OWASP Project]] | + | == Project Leader == |
+ | * Larry Conklin [mailto:[email protected]] | ||
+ | * Gary Robinson [mailto:[email protected]] | ||
+ | |||
+ | == Project Email == | ||
+ | * Project Email [mailto:[email protected]] | ||
+ | |||
+ | ==Classifications== | ||
+ | [[File:Owasp-defenders-small.png|link=]] | ||
+ | |||
+ | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
+ | |||
+ | [[File:Project_Type_Files_DOC.jpg|link=]] | ||
+ | |||
+ | == Related Projects == | ||
+ | |||
+ | OWASP Testing Guide [https://www.owasp.org/index.php/OWASP_Testing_Project] | ||
+ | |||
+ | |||
+ | | valign="top" style="padding-left:25px;width:200px;" | | ||
+ | |||
+ | == Quick Download == | ||
+ | * [https://www.owasp.org/index.php/File:OWASP_Code_Review_Guide_v2.pdf Code Review Guide 2.0] | ||
+ | |||
+ | == In Print == | ||
+ | Code Review Guide 2.0 will be available in Lulu in the near future. | ||
+ | |||
+ | [http://www.lulu.com/content/5678680 Code Review Guide V1.1] on Lulu. | ||
+ | |} | ||
+ | |||
+ | = Acknowledgements = | ||
+ | The OWASP Code Review project was conceived by Eoin Keary, the OWASP Dublin Founder and Chapter Lead. | ||
+ | |||
+ | Code Review Mailing list[mailto:[email protected]] | ||
+ | |||
+ | Project leaders [mailto:[email protected] [email protected]] or [mailto:[email protected] [email protected]] | ||
+ | |||
+ | __NOTOC__ <headertabs /> | ||
+ | |||
+ | [[Category:OWASP Project]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] |
Latest revision as of 10:29, 14 July 2017
The Release Candidate for the OWASP Code Review Guide is now available!Please forward to all the developers and development teams you know!! We would like to immediately start raising awareness about this OWASP resource. We plan to release the final version in Aug. 2017 after a public comment period ending July 31, 2017. Thank you, Larry Conklin, Gary Robinson OWASP Code Review Guides Co-Leaders IntroductionOWASP Code Review Guide is a technical book written for those responsible for code reviews (management, developers, security professionals). The primarily focus of this book has been divided into two main sections. Section one is why and how of code reviews and sections two is devoted to what vulnerabilities need to be to look for during a manual code review. While security scanners are improving every day the need for manual security code reviews still needs to have a prominent place in organizations SDLC (Secure development life cycle) that desires good secure code in production. Second sections deals with vulnerabilities. It is based on the poplar OWASP 2013 top 10. Here you will find most of the code examples for both on what not to do and on what to do. A word of caution on code examples; Perl is famous for its saying that there are 10,000 ways to do one thing. The same is true for C#, PHP and Java or any other computer language. Now add in "Object-Oriented Programming" and if we are using design patterns or even what designs patterns are being used and sample code becomes very “iff” in what to write. We tried to keep the sample code so code reviews can see red flags and not “do it my way or else”. The last section is the appendix. Here we have content like code reviewer check list, etc. of items that really don’t flow in book form but needed to be included to make the code review guide compete. Review of Code Review Guide 2.0Constructive comments on this OWASP Code Review Release Candidate should be forwarded via email to [email protected]. Private comments may be sent to [email protected] or [email protected] . All comments are welcome. All comments should indicate the specific relevant page and section. All feedback is critical to the continued success of the OWASP Code Review Guide. LicensingOWASP Code Review Guide is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
Project LeaderProject Email
Classifications
Related ProjectsOWASP Testing Guide [4]
|
Quick DownloadIn PrintCode Review Guide 2.0 will be available in Lulu in the near future. Code Review Guide V1.1 on Lulu. |
The OWASP Code Review project was conceived by Eoin Keary, the OWASP Dublin Founder and Chapter Lead.
Code Review Mailing list[5]
Project leaders [email protected] or [email protected]
Pages in category "OWASP Code Review Project"
The following 69 pages are in this category, out of 69 total.
C
- Classic ASP Design Mistakes
- Code Review Guide Foreword
- Code Review Guide Frontispiece
- Code Review Introduction
- Code Review Metrics
- Code Review Preparation
- Code Reviews and Compliance
- Codereview-Authentication
- Codereview-Authorization
- Codereview-Cryptography
- Codereview-Deployment
- Codereview-Error-Handling
- Codereview-Input Validation
- Codereview-Session-Management
- Crawling Code
- CRV2 ErrorHandlingMessages
- CRV2 MetricsCodeRev
- CRV2 PrepContext
- CRV2 SQLInjPHP
O
R
- Reasons for using automated tools
- References
- Reviewing Code for Authentication
- Reviewing Code for Authorization Issues
- Reviewing Code for Buffer Overruns and Overflows
- Reviewing code for Cross-Site Request Forgery issues
- Reviewing Code for Cross-site scripting
- Reviewing Code for Data Validation
- Reviewing Code for Error Handling
- Reviewing Code for Logging Issues
- Reviewing Code for OS Injection
- Reviewing Code for Race Conditions
- Reviewing Code for Session Integrity issues
- Reviewing Code for SQL Injection
- Reviewing Flash Applications
- Reviewing MySQL Security
- Reviewing The Secure Code Environment
- Reviewing Web Services