This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Code Review Guide Table of Contents"

From OWASP
Jump to: navigation, search
(Methodology)
m (Switched a link from article to navigation shell)
 
(114 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
 
__NOTOC__
 
__NOTOC__
  
[[Chapters Assigned|Chapters Assigned]]
+
 
 
==[[Code Review Guide Foreword|Foreword by OWASP Chair]]==
 
==[[Code Review Guide Foreword|Foreword by OWASP Chair]]==
  
==[[Code Review Guide Frontispiece |1. Frontispiece]]==
+
==Frontispiece==
 
 
'''[[Code Review Guide Frontispiece|1.1 About the OWASP Code Review Project]]'''
 
 
 
Copyright
 
 
 
Editors
 
 
 
Authors and Reviewers
 
 
 
Revision History
 
 
 
Trademarks
 
 
 
'''[[About The Open Web Application Security Project|1.2 About The Open Web Application Security Project]]'''
 
 
 
Overview
 
 
 
Structure
 
 
 
Licensing
 
 
 
Participation and Membership
 
 
 
Projects
 
 
 
OWASP Privacy Policy
 
  
 +
* [[Code Review Guide Frontispiece|About the OWASP Code Review Project]]
 +
* [[OCRG1.1:About The Open Web Application Security Project|About The Open Web Application Security Project]]
  
 
==Guide History==
 
==Guide History==
[[Long long ago...]]
+
* [[Code Review Guide History]]
  
 
==Methodology==
 
==Methodology==
  
#[[Code Review Introduction|Introduction]]
+
*[[Code Review Introduction|Introduction]]
#[[Steps and Roles]]
+
*[[Code Review Preparation|Preparation]]
#[[Code Review Processes]]
+
*[[Security Code Review in the SDLC]]
#[[Transaction Analysis]]
+
*[[Security Code Review Coverage]]
[[Category:OWASP Code Review Project]]
+
*[[OCRG1.1:Application Threat Modeling|Application Threat Modeling]]
 +
*[[Code Review Metrics]]
  
 +
==Crawling Code==
 +
* [[Crawling Code]]
 +
* [[Searching for Code in J2EE/Java]]
 +
* [[Searching for Code in Classic ASP]]
 +
* [[JavaScript/Web 2.0 Keywords and Pointers]]
  
==Crawling Code==
+
==Code Reviews and PCI DSS==
#[[introduction]]
+
* [[Code Reviews and Compliance]]
#[[First sweep of the code base]]
 
#[[Getting dug in]]
 
  
== Design review ==
+
==Examples by Technical Control==
#[[Designing for security]]
+
* [[Codereview-Authentication|Authentication]]
##[[.NET]]
+
* [[Codereview-Authorization|Authorization]]
##[[Java]]
+
* [[Codereview-Session-Management|Session Management]]
##[[PHP]]
+
* [[Codereview-Input Validation|Input Validation]]
##[[C]]
+
* [[Codereview-Error-Handling|Error Handling]]
##[[C++]]  
+
* [[Codereview-Deployment|Secure Deployment]]
##[[MySQL]]
+
* [[Codereview-Cryptographic_Controls|Cryptographic Controls]]
##[[AJAX]]
 
  
 
==Examples by Vulnerability==
 
==Examples by Vulnerability==
#[[Reviewing Code for Buffer Overruns and Overflows]]
+
* [[Reviewing Code for Buffer Overruns and Overflows]]
#[[Reviewing Code for OS Injection]]
+
* [[Reviewing Code for OS Injection]]
#[[Reviewing Code for SQL Injection]]
+
* [[Reviewing Code for SQL Injection]]
#[[Reviewing Code for Data Validation]]
+
* [[Reviewing Code for Data Validation]]
#[[Reviewing code for XSS issues]]
+
* [[Reviewing Code for Cross-Site Scripting]]
#[[Reviewing code for CSRF issues]]
+
* [[Reviewing Code for Cross-Site Request Forgery]]
#[[Reviewing Code for Error Handling]]
+
* [[Reviewing Code for Logging Issues]]
#[[Reviewing Code for Logging Issues]]
+
* [[Reviewing Code for Session Integrity]]
#[[Reviewing The Secure Code Environment]]
+
* [[Reviewing Code for Race Conditions]]
#[[Reviewing Code for Authorization Issues]]
 
#[[Reviewing Code for Authentication]]
 
#[[Reviewing Code for Session Integrity issues]]
 
#[[Reviewing Cryptographic Code]]
 
#[[Reviewing Code deployment: Dangerous HTTP Methods]]
 
#[[Reviewing Code for Race Conditions]]
 
  
== Language specific best practice ==
+
== Language Specific Best Practice ==
  
 
===Java===
 
===Java===
#[[Java overview]]
+
*[[Java Gotchas]]
#[[Java gotchas]]
+
*[[Leading Java Security Practice]]
#[[Java applet code review]]
 
#[[Java server (J2EE) code review]]
 
  
===.NET===
+
===Classic ASP===
 +
*[[Classic ASP Design Mistakes]]
  
 
===PHP===
 
===PHP===
 +
*[[Leading PHP Security Practice]]
 +
 +
===C/C++===
 +
*[[Strings and Integers]]
  
===C===
+
===MySQL===
#[[Memory management]]
+
*[[Reviewing MySQL Security]]
#[[String management]]
 
#[[Secure access to file system items]]
 
  
===RUBY===
+
===Rich Internet Applications===
 +
*[[Reviewing Flash Applications]]
 +
*[[Reviewing AJAX Applications]]
 +
*[[Reviewing Web Services]]
  
==[[Automating Code Reviews]]==
+
== Example Reports ==
#[[Preface ]]
+
* [[How to Write an Application Code Review Finding]]
#[[Reasons for using automated tools]]
+
 
#[[Education and cultural change]]
+
==Automating Code Reviews==
#[[Tool Deployment Model]]
+
* [[Automated Code Review]]
#[[Code Auditor Workbench Tool]]
+
* [[Tool Deployment Model]]
 +
* [[Code Auditor Workbench Tool]]
 +
* [[The Owasp Orizon Framework]]
 +
 
 +
==[[The Owasp Code Review Top 9]]==
 +
 
 +
==[[The Owasp Code Review Scoring System]]==
  
 
==[[References]]==
 
==[[References]]==
 +
 +
{{LinkBar
 +
  | useprev=PrevLink | prev= | lblprev=
 +
  | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents
 +
  | usenext=NextLink | next=Code Review Guide Foreword | lblnext=Foreword by OWASP Chair
 +
}}
  
 
[[Category:OWASP Code Review Project]]
 
[[Category:OWASP Code Review Project]]

Latest revision as of 15:27, 9 September 2010

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»


Foreword by OWASP Chair

Frontispiece

Guide History

Methodology

Crawling Code

Code Reviews and PCI DSS

Examples by Technical Control

Examples by Vulnerability

Language Specific Best Practice

Java

Classic ASP

PHP

C/C++

MySQL

Rich Internet Applications

Example Reports

Automating Code Reviews

The Owasp Code Review Top 9

The Owasp Code Review Scoring System

References

[This is the first page] Principal
(Table of Contents)

»»Foreword by OWASP Chair»»