This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Code Review Project"

From OWASP
Jump to: navigation, search
m (Reverted edits by Frank Alexander (talk) to last revision by Paulo Coimbra)
Line 1: Line 1:
== Modelo de Auditoría de sistemas: ==
+
{{OWASP Book|5678680}}
 +
==== Main ====
  
Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.  
+
=== OWASP Code Review Guide V2.0  ===
 +
[[:Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0|Planned to be launched mid January 2011]].  
  
#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
+
==Contents==
#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
+
[[OWASP Code Review Guide Table of Contents]]
#Filtro Web: Previene intrusiones a través de puertos inseguros
 
#Clam Antivirus: Previene, detecta y corrige virus informático
 
  
<br>
+
==Summer of Code 2008==
 +
The Code review guide is proudly sponsored by the OWASP Summer of Code (SoC) 2008. For more information please see [[OWASP_Summer_of_Code_2008| OWASP Summer of Code 2008]].
  
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
== Code Review Guide V1.1 Completed ==
|-
+
The code review guide has been completed and is available here http://www.lulu.com/content/5678680 as a bound book.
| Clam Antivirus
 
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 
|-
 
| Filtro Web
 
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 
|-
 
| OpenVAS
 
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 
|-
 
| Sistema de Cifrado Congelado
 
|}
 
  
|}
+
==Code review tool==
 +
The following link is for the new version of Code Crawler, code review tool which examines code for keywords discussed in the section "[[Crawling Code]]". It support Java and .NET code:
  
|}
+
http://codecrawler.codeplex.com/Release/ProjectReleases.aspx
  
|}
+
== Owasp Orizon Code review engine ==
  
== Descripción softwares de auditoría  ==
+
The Owasp Orizon Project is born in 2006 to provide a set of APIs to provide an opensource engine to provide static analysis services to developers that wants to build a code review tool.
  
*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
+
The Owasp Orizon will evolve accordingly in order to implement security checks described in the Code Review Guide.
 +
With the framework a UI is also provided in order to give people a standalone tool to realize code review for the security flaws listed in the "[[The Owasp Code Review Top 9]]"
  
*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
 
  
*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
+
The Owasp Orizon main page is available here: [[:Category:OWASP_Orizon_Project]]
  
*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
 
  
== Macroinformática  ==
+
Source code is hosted at Sourceforge.net site: http://orizon.sourceforge.net
  
La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
+
== Spring Of Code 2007 ==
 +
The Code review guide is proudly sponsored by the OWASP Spring of Code (SpOC) 2007.
 +
For more information please see [[OWASP_Spring_Of_Code_2007|Spring of Code 2007]]
  
*Transmisión cifrada: Cliente e-mail con GnuPG
+
== Project Contributors ==
  
http://fellowship.fsfe.org  
+
The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking individuals to add new sections as new web technologies emerge. If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line  mailto:eoin.keary@owasp.org
  
*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
+
==Join the Code Review Team==
  
#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
+
All of the OWASP Guides are living documents that will continue to change as the threat and security landscape changes.<br>
#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
 
  
*Ruby: Lenguaje de programación experimental
+
We welcome everyone to join the Code Review Guide Project and help us make this document great. The best way to get started is to subscribe to the mailing list by following the link below.  Please introduce yourself and ask to see if there is anything you can help with.  We are always looking for new contributions.  If there is a topic that you’d like to research and contribute, please let us know!<br>
  
http://ruby-lang.org  
+
http://lists.owasp.org/mailman/listinfo/owasp-codereview
  
*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
+
==Roadmap==
  
http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
+
View the [[OWASP Code Review Project Roadmap]]
  
*Escritorio: Gestor de ventanas X11
+
==== Project About ====
 +
{{:Projects/OWASP Code Review Project| Project About}}
  
http://windowmaker.info
+
__NOTOC__ <headertabs />
  
*Gnuzilla: Navegador seguro y de uso libre
+
<!--- {{:Project Information:template Code Review Project}} --->
 
+
[[Category:OWASP Project|Code Review Project]]
http://code.google.com/p/iceweaselwindows/downloads/list
+
[[Category:OWASP Document]]
 
+
[[Category:OWASP Download]]
*Gnupdf: Visor de formato de texto universal pdf
+
[[Category:OWASP Release Quality Document]]
 
 
http://blog.kowalczyk.info/software/sumatrapdf
 
 
 
*Gnuflash: Jugador alternativo a flash player
 
 
 
http://gnu.org/software/gnash
 
 
 
*Zinf: Reproductor de audio
 
 
 
http://zinf.org
 
 
 
*Informática forense: Análisis de datos ocultos en el disco duro
 
 
 
http://sleuthkit.org
 
 
 
*Compresor: Comprime datos sobreescribiendo bytes repetidos
 
 
 
http://peazip.sourceforge.net
 
 
 
*Ftp: Gestor de descarga de archivos
 
 
 
http://dfast.sourceforge.net
 
 
 
*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
 
 
 
http://psmantikeyloger.sourceforge.net
 
 
 
*Password manager: Gestión de contraseñas
 
 
 
http://passwordsafe.sourceforge.net
 
 
 
*Limpiador de disco: Borra archivos innecesrios del sistema
 
 
 
http://bleachbit.sourceforge.net
 
 
 
*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
 
 
 
http://kessels.com/jkdefrag
 
 
 
*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
 
 
 
http://bb4win.org
 
 
 
*Open Hardware: Hardware construído por la comunidad Linux
 
 
 
http://open-pc.com
 
 
 
*Open WRT: Firmware libre para configurar transmisión de Internet
 
 
 
http://openwrt.org
 
 
 
*Gnu- Linux: Sistema operativo universal
 
 
 
http://gnewsense.org
 
 
 
== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.
 
 
 
Implementación de la biocriptoseguridad informática:
 
 
 
#Amplificar la banda ancha
 
#Optimizar (limpiar- modificar) el sistema operativo
 
#Desfragmentar los discos lógicos
 
#Ocultar el sistema operativo
 
#Configurar antivirus
 
#Limpiar y desfragmentar
 
#Congelar
 
 
 
*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
 
 
 
*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
 
 
 
*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
 
 
 
Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
 
 
 
*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)
 
*http://sourceforge.net/projects/lethe (para GNU/Linux)
 
 
 
<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:
 
 
 
*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
 
 
 
*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
 
 
 
*Red protegida: DNS libre http://namespace.org/switch
 
 
 
*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
 
 
 
*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
 
 
 
Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
 

Revision as of 23:05, 7 February 2011

OWASP Books logo.png This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

Main

OWASP Code Review Guide V2.0

Planned to be launched mid January 2011.

Contents

OWASP Code Review Guide Table of Contents

Summer of Code 2008

The Code review guide is proudly sponsored by the OWASP Summer of Code (SoC) 2008. For more information please see OWASP Summer of Code 2008.

Code Review Guide V1.1 Completed

The code review guide has been completed and is available here http://www.lulu.com/content/5678680 as a bound book.

Code review tool

The following link is for the new version of Code Crawler, code review tool which examines code for keywords discussed in the section "Crawling Code". It support Java and .NET code:

http://codecrawler.codeplex.com/Release/ProjectReleases.aspx

Owasp Orizon Code review engine

The Owasp Orizon Project is born in 2006 to provide a set of APIs to provide an opensource engine to provide static analysis services to developers that wants to build a code review tool.

The Owasp Orizon will evolve accordingly in order to implement security checks described in the Code Review Guide. With the framework a UI is also provided in order to give people a standalone tool to realize code review for the security flaws listed in the "The Owasp Code Review Top 9"


The Owasp Orizon main page is available here: Category:OWASP_Orizon_Project


Source code is hosted at Sourceforge.net site: http://orizon.sourceforge.net

Spring Of Code 2007

The Code review guide is proudly sponsored by the OWASP Spring of Code (SpOC) 2007. For more information please see Spring of Code 2007

Project Contributors

The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking individuals to add new sections as new web technologies emerge. If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:[email protected]

Join the Code Review Team

All of the OWASP Guides are living documents that will continue to change as the threat and security landscape changes.

We welcome everyone to join the Code Review Guide Project and help us make this document great. The best way to get started is to subscribe to the mailing list by following the link below. Please introduce yourself and ask to see if there is anything you can help with. We are always looking for new contributions. If there is a topic that you’d like to research and contribute, please let us know!

http://lists.owasp.org/mailman/listinfo/owasp-codereview

Roadmap

View the OWASP Code Review Project Roadmap

Project About

PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Code Review Project (home page)
Purpose: The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0.

License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
N/A - Unknown Date - (no download available)
Release description: N/A
Rating: {{:Projects/OWASP Code Review Project/GPC/Assessment/{{{release_name}}} | Release Rating}}
last reviewed release
Code Review Guide V1.1 - 4 January 2009 - (download)
Release description:

This release is an expanded and improved version of the former OWASP Code Review Guide’s RC 2.0 version which contains the following additional and expanded chapters: Transactional Analysis, Threat Modelling and Analysis, Example reports and how to write one, Automated code review, Rich Internet Applications, The OWASP ESAPI, Code review Metrics, Integrating Code review with an existing SDLC.

Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release - Assessment Details


other releases

Pages in category "OWASP Code Review Project"

The following 69 pages are in this category, out of 69 total.

A

B

C

D

E

H

I

J

L

O

P

R

S

T

X

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Code_Review_Project&oldid=104301"