This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Code Review Guide Table of Contents"

From OWASP
Jump to: navigation, search
(Language specific best practice)
m (Switched a link from article to navigation shell)
 
(169 intermediate revisions by 13 users not shown)
Line 1: Line 1:
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
 +
__NOTOC__
 +
 +
 +
==[[Code Review Guide Foreword|Foreword by OWASP Chair]]==
 +
 +
==Frontispiece==
 +
 +
* [[Code Review Guide Frontispiece|About the OWASP Code Review Project]]
 +
* [[OCRG1.1:About The Open Web Application Security Project|About The Open Web Application Security Project]]
 +
 +
==Guide History==
 +
* [[Code Review Guide History]]
 +
 
==Methodology==
 
==Methodology==
  
#[[Code Review Introduction|Introduction]]
+
*[[Code Review Introduction|Introduction]]
 
+
*[[Code Review Preparation|Preparation]]
NOTE: The following two sections seem to describe quality code review processes, not specifically focused on security. Security code reviews are somewhat different as they require an understanding of the threat model.
+
*[[Security Code Review in the SDLC]]
 +
*[[Security Code Review Coverage]]
 +
*[[OCRG1.1:Application Threat Modeling|Application Threat Modeling]]
 +
*[[Code Review Metrics]]
  
#[[Steps and Roles]]
+
==Crawling Code==
#[[Code Review Processes]]
+
* [[Crawling Code]]
 +
* [[Searching for Code in J2EE/Java]]
 +
* [[Searching for Code in Classic ASP]]
 +
* [[JavaScript/Web 2.0 Keywords and Pointers]]
  
==[[Design review]] ==
+
==Code Reviews and PCI DSS==
 +
* [[Code Reviews and Compliance]]
  
==Examples by vulnerability==
+
==Examples by Technical Control==
#[[Buffer Overruns and Overflows|Buffer Overruns and Overflows]]
+
* [[Codereview-Authentication|Authentication]]
#[[OS Injection]]
+
* [[Codereview-Authorization|Authorization]]
#[[SQL Injection]]
+
* [[Codereview-Session-Management|Session Management]]
#[[Data Validation (Code Review)|Data Validation]]
+
* [[Codereview-Input Validation|Input Validation]]
#[[Error Handling]]
+
* [[Codereview-Error-Handling|Error Handling]]
#[[The Secure Code Environment]]
+
* [[Codereview-Deployment|Secure Deployment]]
#[[Transaction Analysis]]
+
* [[Codereview-Cryptographic_Controls|Cryptographic Controls]]
#[[Authorisation]]
 
#[[Authentication (Code review)|Authentication]]
 
  
 +
==Examples by Vulnerability==
 +
* [[Reviewing Code for Buffer Overruns and Overflows]]
 +
* [[Reviewing Code for OS Injection]]
 +
* [[Reviewing Code for SQL Injection]]
 +
* [[Reviewing Code for Data Validation]]
 +
* [[Reviewing Code for Cross-Site Scripting]]
 +
* [[Reviewing Code for Cross-Site Request Forgery]]
 +
* [[Reviewing Code for Logging Issues]]
 +
* [[Reviewing Code for Session Integrity]]
 +
* [[Reviewing Code for Race Conditions]]
  
== Language specific best practice ==
+
== Language Specific Best Practice ==
  
 
===Java===
 
===Java===
#[[Inner classes]]
+
*[[Java Gotchas]]
#[[Class comparison]]
+
*[[Leading Java Security Practice]]
#[[Cloneable classes]]
 
#[[Serializable claasses]]
 
#[[Package scope and encapsulation]]
 
#[[Mutable objects]]
 
#[[Private methods & circumvention]]
 
  
===.NET===
+
===Classic ASP===
 +
*[[Classic ASP Design Mistakes]]
  
 
===PHP===
 
===PHP===
 +
*[[Leading PHP Security Practice]]
 +
 +
===C/C++===
 +
*[[Strings and Integers]]
 +
 +
===MySQL===
 +
*[[Reviewing MySQL Security]]
 +
 +
===Rich Internet Applications===
 +
*[[Reviewing Flash Applications]]
 +
*[[Reviewing AJAX Applications]]
 +
*[[Reviewing Web Services]]
  
==[[Automating Code Reviews]] ==
+
== Example Reports ==
 +
* [[How to Write an Application Code Review Finding]]
 +
 
 +
==Automating Code Reviews==
 +
* [[Automated Code Review]]
 +
* [[Tool Deployment Model]]
 +
* [[Code Auditor Workbench Tool]]
 +
* [[The Owasp Orizon Framework]]
 +
 
 +
==[[The Owasp Code Review Top 9]]==
 +
 
 +
==[[The Owasp Code Review Scoring System]]==
  
 
==[[References]]==
 
==[[References]]==
 +
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
  
 
[[Category:OWASP Code Review Project]]
 
[[Category:OWASP Code Review Project]]

Latest revision as of 15:27, 9 September 2010

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»


Foreword by OWASP Chair

Frontispiece

Guide History

Methodology

Crawling Code

Code Reviews and PCI DSS

Examples by Technical Control

Examples by Vulnerability

Language Specific Best Practice

Java

Classic ASP

PHP

C/C++

MySQL

Rich Internet Applications

Example Reports

Automating Code Reviews

The Owasp Code Review Top 9

The Owasp Code Review Scoring System

References

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Code_Review_Guide_Table_of_Contents&oldid=88957"