This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Summer of Code 2008 Applications"
| Line 17: | Line 17: | ||
== SoC 08 Application 2 == | == SoC 08 Application 2 == | ||
| − | * | + | * Eoin Keary, |
| − | * | + | * OWASP Code review guide, V1.1 |
| − | + | '''Code Review Guide Proposal''': | |
| − | + | ||
| + | '''Introduction:'''The code review guide is currently at version RC 2.0 and the second best selling OWASP book. | ||
| + | I have received many positive comments regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. | ||
| + | |||
| + | It has even inspired individuals to build tools based on its information and I have convinced such people (Alessio Marziali) to open source their tool and make it an OWASP project. | ||
| + | |||
| + | The combination of a book on secure code review and a tool to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development. | ||
| + | |||
| + | '''Proposal:''' | ||
| + | I am proposing that I improve the code review guide from a number of aspects. This should place the guide as a de facto secure code review guide in the application security industry. | ||
| + | |||
| + | '''Additional and expanded Chapters:'''<br> | ||
| + | |||
| + | '''Transactional analysis'''<br> | ||
| + | Expand chapter.<br> | ||
| + | Examples via diagrams.<br> | ||
| + | |||
| + | '''Threat Modeling and Analysis'''<br> | ||
| + | The approach to examining an application to be reviewed.<br> | ||
| + | Focusing on areas of interest.<br> | ||
| + | |||
| + | '''Example reports and how to write one'''<br> | ||
| + | How to determine the risk level of a finding.<br> | ||
| + | |||
| + | '''Automated code review''' <br> | ||
| + | Code crawler documentation and usage.<br> | ||
| + | |||
| + | '''Rich Internet Applications'''<br> | ||
| + | Expanded chapters on Flash, Ajax.<br> | ||
| + | |||
| + | '''The OWASP ESAPI (Enterprise Security API)'''<br> | ||
| + | What it is, Why use it. What to review.<br> | ||
| + | |||
| + | '''Code review Metrics:'''<br> | ||
| + | How to compile, use and analyse metrics.<br> | ||
| + | Rolling out metrics in the Enterprise.<br> | ||
| + | |||
| + | '''Integrating Code review with an existing SDLC''' | ||
| + | Integration of Secure Code review with an existing SDLC.<br> | ||
| + | Secure Code review roadmap definition.<br> | ||
| + | Documentation requirements.<br> | ||
| + | Scope definition.<br> | ||
| + | SDLC steering comittee establishment.<br> | ||
| + | Performace criteria, benchmarks and metrics.<br> | ||
| + | Integration of SDLC results into key IT governance areas.<br> | ||
| + | Critical success factors.<br> | ||
| + | |||
| + | |||
== SoC 08 Application 3 == | == SoC 08 Application 3 == | ||
Revision as of 11:24, 5 March 2008
This page contains project Applications to the OWASP Summer Of Code 2008
A few notes
- If you want to apply for a SoC 2008 sponsorship you HAVE TO USE THIS PAGE for your application.
- See How To Participate for what to do once you completed your Application.
- Please remember that projects will be selected and funded based on how well they meet the Selection Criteria.
- Please see AoC 06 and SpoC 07 for examples of Applications.
- You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include this information in your proposal.
Applications - {Fill in below}
The Application Security Desk Reference - ASDR
- Leonardo Cavallari Militelli,
- ASDR Table of Contents
- X
- Y
SoC 08 Application 2
- Eoin Keary,
- OWASP Code review guide, V1.1
Code Review Guide Proposal:
Introduction:The code review guide is currently at version RC 2.0 and the second best selling OWASP book. I have received many positive comments regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity.
It has even inspired individuals to build tools based on its information and I have convinced such people (Alessio Marziali) to open source their tool and make it an OWASP project.
The combination of a book on secure code review and a tool to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.
Proposal: I am proposing that I improve the code review guide from a number of aspects. This should place the guide as a de facto secure code review guide in the application security industry.
Additional and expanded Chapters:
Transactional analysis
Expand chapter.
Examples via diagrams.
Threat Modeling and Analysis
The approach to examining an application to be reviewed.
Focusing on areas of interest.
Example reports and how to write one
How to determine the risk level of a finding.
Automated code review
Code crawler documentation and usage.
Rich Internet Applications
Expanded chapters on Flash, Ajax.
The OWASP ESAPI (Enterprise Security API)
What it is, Why use it. What to review.
Code review Metrics:
How to compile, use and analyse metrics.
Rolling out metrics in the Enterprise.
Integrating Code review with an existing SDLC
Integration of Secure Code review with an existing SDLC.
Secure Code review roadmap definition.
Documentation requirements.
Scope definition.
SDLC steering comittee establishment.
Performace criteria, benchmarks and metrics.
Integration of SDLC results into key IT governance areas.
Critical success factors.
SoC 08 Application 3
- First name or Alias,
- Project name,
- X
- Y
SoC 08 Application 4
- First name or Alias,
- Project name,
- X
- Y
