OWASP Code Review Guide

Posted by alvina on December 31st, 2017

The OWASP (Open Web Application Security Project) Code Review Guide teaches you how to test the security of your web application. There are four basic ways to analyze the security of web-based software: manual penetration testing, manual code review, automated scanning and static analysis.

The Development Guide teaches you how to use these techniques to your advantage. The OWASP Code Review team is a unique group of talented volunteers with deep experience and an appetite for best practices in secure code review. It is well established that secure software can be developed efficiently and cost-effectively when bugs are detected early in the development cycle.

Attackers have more time than defenders have resources to spend on keeping them out of a software program. When one route is blocked by a firewall, they can inventively try other ways and means of getting in.

The OWASP Code Review Guide does not cover every programming language. It focuses mainly on C#/.NET and Java, and also covers PHP, C and C++ where possible and relevant.

The OWASP Code Review Guide is broken up into several parts for clarity. The major sections are:

Overview: introduces the reader to the basic terms used in the Guide and the advantages this approach offers. It also explains how this Guide differs from other related guides by comparing it with them.

Methodology: dives deeper into the technical side and tells the reader the correct context for conducting an efficient and accurate review. It uses threat models to give a thorough explanation of the techniques used and of how break-ins can be prevented.

Reviewing by Technical Control: the Guide gets into the nitty-gritty details of authentication, logging, authorization, permissions and information leakage. This gives an overview of the important aspects of each control and can be used as an on-the-job reference while code reviews are conducted.

Reviewing by Vulnerability: the most prevalent and common vulnerabilities are dissected, XSS and SQL injection included. Session tracking issues and their solutions are discussed in detail in this part. It is written so that it can be referred to on the job.

This OWASP application security review guide is written from three points of view: IT management, software leads and secure code reviewers. On the whole, secure code review is the single most effective technique for identifying security bugs at an early stage so that they can be contained and fixed. The Guide provides simple guidance on how the effort should be structured and executed for the best results.
