Difference between revisions of "OWASP Code Review V2 Table of Contents"
Line 44: | Line 44: | ||
# Author - Open | # Author - Open | ||
## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Preparation]] | ## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Preparation]] | ||
+ | ====Application Threat Modeling==== | ||
+ | #Author - Andy, Renchie Joan | ||
+ | ## Previous version to be updated: [[https://www.owasp.org/OCRG1.1:Application_Threat_Modeling]] | ||
+ | ====Understanding Code layout/Design/Architecture==== | ||
+ | #Author - Ashish Rao | ||
+ | ===SDLC Integration=== | ||
+ | #Author - Andy, Ashish Rao | ||
+ | ## Previous version to be updated: [[https://www.owasp.org/index.php/Security_Code_Review_in_the_SDLC]] | ||
+ | ====Deployment Models==== | ||
+ | =====Secure deployment configurations==== | ||
+ | #Author - Ashish Rao | ||
+ | ## New Section | ||
+ | =====Metrics and code review===== | ||
+ | #Author - Andy | ||
+ | ## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Metrics]] | ||
+ | =====Source and sink reviews===== | ||
+ | #Author - Ashish Rao | ||
+ | ## New Section | ||
+ | =====Code review Coverage===== | ||
+ | #Author - Open | ||
+ | ## Previous version to be updated: [[https://www.owasp.org/index.php/Code_Review_Coverage]] |
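Review bot: the added heading `=====Secure deployment configurations====` opens with five `=` and closes with four, so the markers do not balance; close it with five (`=====Secure deployment configurations=====`) to match the sibling headings `=====Metrics and code review=====` and `=====Source and sink reviews=====`. Two smaller points in the same hunk: `===SDLC Integration===` is added at level 3 between level-4 headings, so `====Deployment Models====` and everything after it nests under SDLC Integration, which should be confirmed as intended; and the Application Threat Modeling link uses `/OCRG1.1:Application_Threat_Modeling` without the `index.php/` path segment that the other added links carry.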
Revision as of 02:25, 18 April 2013
- 1 OWASP Code Review Guide v2.0:
- 1.1 Foreword
- 1.2 Code Review Guide History
- 1.3 Introduction
- 1.4 Methodology
OWASP Code Review Guide v2.0:
Foreword
- Author - Eoin Keary
- Previous version to be updated: [[1]]
Code Review Guide History
- Author - Eoin Keary
- Previous version to be updated: [[2]]
Introduction
- Author - Eoin Keary
What is source code review and Static Analysis
- Author - Zyad Mghazli
- New Section
Manual Review - Pros and Cons
- Author - Ashish Rao
- New Section
- Suggestion: Benchmark of different Static Analysis Tools - Zyad Mghazli
- New Section
Why code review
Scope and Objective of secure code review
- Author - Ashish Rao
We can't hack ourselves secure
- Author - Prathamesh Mhatre
- New Section
360 Review: Coupling source code review and Testing / Hybrid Reviews
- Author - Ashish Rao
- New Section
Can static code analyzers do it all?
- Author - Ashish Rao
- New Section
Methodology
The code review approach
- Author - Prathamesh Mhatre
Preparation and context
- Author - Open
- Previous version to be updated: [[3]]
Application Threat Modeling
- Author - Andy, Renchie Joan
- Previous version to be updated: [[4]]
Understanding Code layout/Design/Architecture
- Author - Ashish Rao
SDLC Integration
- Author - Andy, Ashish Rao
- Previous version to be updated: [[5]]
Deployment Models
Secure deployment configurations
- Author - Ashish Rao
- New Section
Metrics and code review
- Author - Andy
- Previous version to be updated: [[6]]
Source and sink reviews
- Author - Ashish Rao
- New Section
Code review Coverage
- Author - Open
- Previous version to be updated: [[7]]