This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Chapters Assigned

From OWASP

Revision as of 15:34, 11 January 2007 by EoinKeary (talk | contribs) (→‎Language specific best practice)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

1 Methodology
2 Design review
3 Examples by Vulnerability
4 Language specific best practice
- 4.1 Java
- 4.2 .NET
- 4.3 PHP
- 4.4 MySQL
- 4.5 Stored Procs
- 4.6 C
- 4.7 C++
5 Automating Code Reviews
6 References

Methodology

Code Review Introduction
Steps and Roles
Code Review Processes

Design review

Designing for security
1. - M Roxberry(.NET)
2. - (Java)
3. - PHP
4. - C/C++
5. - MySQL

Examples by Vulnerability

Reviewing Code for Buffer Overruns and Overflows - 70%
Reviewing Code for OS Injection - 70%
Reviewing Code for SQL Injection - 70%
Reviewing Code for Data Validation - 70%
Reviewing Code for Error Handling - 70%
Reviewing Code for Logging Issues - 70%
Reviewing The Secure Code Environment - E Keary
Transaction Analysis - E Keary
Authorization (Currently linked to "The Development Guide")
Authentication (Code review)
Session Integrity
Cross Site Request Forgery
Cryptography (Currently linked to "The Development Guide")
Dangerous HTTP Methods
Race Conditions

Language specific best practice

Java

Inner classes
Class comparison
Cloneable classes
Serializable classes
Package scope and encapsulation
Mutable objects
Private methods & circumvention

.NET

PHP

MySQL

Stored Procs

C

C++

Automating Code Reviews

Preface
Reasons for using automated tools
Education and cultural change
Tool Deployment Model

References

Retrieved from "https://wiki.owasp.org/index.php?title=Chapters_Assigned&oldid=15251"