Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code Review Guide Book 2.0 2013 PROJECT SUMMIT. About Me Company Logo Hosted.

Published byBeatrice Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "Code Review Guide Book 2.0 2013 PROJECT SUMMIT. About Me Company Logo Hosted."— Presentation transcript:

1 Code Review Guide Book 2.0 2013 PROJECT SUMMIT

2 About Me www.voixsecurity.blogspot.com Larry.Conklin@owasp.org Twitter @lwconklin Company Logo Hosted by OWASP & the NYC Chapter

3 Agenda The most important side in this deck… Why… The most important people…Contributors Leaders Current Focus…(We need you) Next Steps… The second most important slide in this deck… Hosted by OWASP & the NYC Chapter

4 https://www.owasp.org/index.php/OWASP_Cod e_review_V2_Project https://www.owasp.org/index.php/OWASP_Code_ review_V2_Table_of_Contents

5 Why…Developer community needs Code Review Book. OWASP is serving that need. Hosted by OWASP & the NYC Chapter

6 Larry Conklin Johanna Curiel Eoin Keary Islam Azeddine Mennouchi Abbas Naderi Carlos Pantelides Ashish Rao Gary David Robinson Colin Watson Mghazli Zyad

7 Co-Leaders Eoin Keary Larry Conklin With a great amount of support from Samantha Groves Hosted by OWASP & the NYC Chapter

8 Where we are at… Pre-Alpha Release… Finishing content. Begin reviewing for spelling, grammar and technical accuracy. Afterwards our steps will be to have book reviewed by a professional editor, and review graphics with a professional graphics designer. Hosted by OWASP & the NYC Chapter

9 360 Reviews Code Review Approach Application Threat Modeling Code Layout Design Architecture SDLC Integration Secure Depending Configuration Metrics Code Review Source Sink Review Code Review Coverage Code Review Compliance Authentication Controls Authentication Out of Band Reducing Attack Surface File Resource Handling Hosted by OWASP & the NYC Chapter

10 Client Side Code Introduction, json, Content Security, Browser Defense Policies Input Validation Introduction, Regex Gotchas, ESAPI Resource Exhaustion Error Handling, Native Calls Logging Code Security Alerts Secure Storage Persistent AntiPattern Introduction, Ruby,PHP Reflected AntiPattern Introduction, Ruby Stored AntiPattern Introduction, PHP, Ruby Hosted by OWASP & the NYC Chapter

11 JQuery Mistakes Review Code SQL Injection (.Net, HQL(Hibernate) AntiPattern, PHP, Java,.Net,ColdFusion Transactional logic / Non idempotent functions / State Changing Functions Reviewing code for poor logic /Business logic/Complex authorization Secure Communications, HTTP Hdrs, HTTP Hdrs CSP,HTTP HSTS Tech Stack Pitfalls Framework Specific Issues… Hosted by OWASP & the NYC Chapter

12 Looking for volunteers to begin word smiting, checking for technical accuracy, adding content. Mailing lists… Hosted by OWASP & the NYC Chapter http://lists.owasp.org/mailman/listinfo/ owasp-codereview http://lists.owasp.org/mailman/listinfo/ owasp_code_review_guide_authors

13 Questions…. Hosted by OWASP & the NYC Chapter

Download ppt "Code Review Guide Book 2.0 2013 PROJECT SUMMIT. About Me Company Logo Hosted."

Similar presentations

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
OWASP Secure Coding Practices Quick Reference Guide

OWASP Secure Coding Practices Quick Reference Guide
Presenting the OWASP Testing Guide v4 ALPHA Andrew Muller, Matteo Meucci.

Presenting the OWASP Testing Guide v4 ALPHA Andrew Muller, Matteo Meucci.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
OWASP WEBGOAT Alaa Darabseh Department of Computer Science

OWASP WEBGOAT Alaa Darabseh Department of Computer Science
Automation Domination Application Security with Continuous Integration (CI)

Automation Domination Application Security with Continuous Integration (CI)
A Demo of and Preventing XSS in.NET Applications.

A Demo of and Preventing XSS in.NET Applications.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Introduction to Web Application Security

Introduction to Web Application Security
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.
10 Steps To Agile Development Without Compromising Enterprise Security

10 Steps To Agile Development Without Compromising Enterprise Security
Copyright © 2008 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs Marco Morana, Member of OWASP London, Project Lead of the OWASP, CISO Guide Tobias Gondrom,

2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs Marco Morana, Member of OWASP London, Project Lead of the OWASP, CISO Guide Tobias Gondrom,
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Similar presentations

Ads by Google