Revision as of 02:31, 18 April 2013

OWASP Code Review Guide v2.0:

Forward

1. Author Eoin Keary
   1. Previous version to be updated:[[1]]

Code Review Guide History

1. Author - Eoin Keary
   1. Previous version to be updated:[[2]]

Introduction

1. Author - Eoin Keary

What is source code review and Static Analysis

1. Author - Zyad Mghazli
   1. New Section

Manual Review - Pros and Cons

1. Author - Ashish Rao
   1. New Section
      1. Suggestion: Benchmark of different Stataic Analysis Tools Zyad Mghazli

Why code review

Scope and Objective of secure code review

1. Author - Ashish Rao

We can't hack ourselves secure

1. Author - Prathamesh Mhatre
   1. New Section

360 Review: Coupling source code review and Testing / Hybrid Reviews

1. Author - Ashish Rao
   1. New Section

Can static code analyzers do it all?

1. Author - Ashish Rao
   1. New Section

Methodology

The code review approach

1. Author - Prathamesh Mhatre

Preparation and context

1. Author - Open
   1. Previous version to be updated: [[3]]

Application Threat Modeling

1. Author - Andy, Renchie Joan
   1. Previous version to be updated: [[4]]

Understanding Code layout/Design/Architecture

1. Author - Ashish Rao

SDLC Integration

1. Author - Andy, Ashish Rao
   1. Previous version to be updated: [[5]]

Deployment Models

Secure deployment configurations

1. Author - Ashish Rao
   1. New Section

Metrics and code review

1. Author - Andy
   1. Previous version to be updated: [[6]]

Source and sink reviews

1. Author - Ashish Rao
   1. New Section

Code review Coverage

1. Author - Open
   1. Previous version to be updated: [[7]]

Design Reviews

1. Author - Ashish Rao

• Why to review design?
  • Building security in design - secure by design principle
  • Design Areas to be reviewed
  • Common Design Falws