Code Reviewing Strategies


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Looking at the source of an application that's over 100k lines of code can be an overwhelming experience. Without a practical plan of approach, it's easy to get lost and fail to provide a comprehensive review of the application.

This talk will outline a variety of strategies that help focus and guide the reviewer through the challenges faced in source code auditing. Specific topics will cover comprehensive code reviews, auditing for specific vulnerabilities, design review, hybrid approaches, and the OWASP code review guidelines.

Additionally, a new strategy for source code review will be outlined to provide a practical means of focusing a code review effort.

Andrew Wilson

Speaker bio will be posted shortly.