OWASP Code Review Checklist (Excel)
Code review checklist
December 27, 2017 10:09

Code Review Checklist
https://www.guru99.com/asp-net-web-api-interview-questions.html
https://www.fullstack.cafe/blog/asp-net-web-api-interview-questions

AdminLTE.Core (recommended)
https://www.udemy.com/course/complete-aspnet-core-21-course/

Implementing CQRS Pattern with Vue.js & ASP.NET Core MVC
https://www.codeproject.com/Articles/5262285/Implementing-CQRS-Pattern-with-Vue-js-ASP-NET-Core
https://www.c-sharpcorner.com/article/implementing-cqrs-pattern-with-vue-js-asp-net-core-mvc/

AdminLTE templates for ASP.NET Core
https://codeload.github.com/ColorlibHQ/AdminLTE/zip/v2.4.18 (recommended)
https://github.com/moemura/AdminLTE.Core (recommended)
https://github.com/moemura/AdminLTE.Core/releases/tag/2.0.1
https://github.com/dotnet-express/AdminLTE-Starter-Kit/releases
https://github.com/dotnet-express/AdminLTE-Starter-Kit/releases/tag/v0.8.0
https://github.com/go2ismail/adminlte-aspnetcore2-version
https://github.com/shehryarkn/Dynamic-User-Defined-Dashboards-Asp-Net-Core
https://github.com/shehryarkn/Asp-net-Core-Project-with-Admin-Template-Setup

Code Review Checklist: https://www.michaelagreiler.com/code-review-checklist/
Google: https://blog.fullstory.com/what-we-learned-from-google-code-reviews-arent-just-for-catching-bugs/
Microsoft: https://www.michaelagreiler.com/code-reviews-at-microsoft-how-to-code-review-at-a-large-software-company/

Code Guide
https://www.cybersecuritycourses.com/course/dev544-secure-coding-in-net-developing-defensible-applications/ (recommended)
https://niccs.us-cert.gov/training/search/sans-institute/secure-coding-net-developing-defensible-applications (recommended)

Code Quality & Security
1. Readability, a.k.a. Understandability
https://www.enosecurity.com/training-tutorials-courses/secure-coding-in-asp-net-training/ (training)

Secure coding references
https://forums.asp.net/t/1926690.aspx?Secure+Coding+best+practices+guideline
https://download.microsoft.com/documents/uk/msdn/security/The Developer Highway Code.pdf
http://www.evoketechnologies.com/blog/code-review-checklist-perform-effective-code-reviews/
https://nyu-cds.github.io/effective-code-reviews/01-intro/
https://nyu-cds.github.io/effective-code-reviews/02-best-practices/
https://nyu-cds.github.io/effective-code-reviews/03-checklist/

Security Code Review: https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf
RESTful API Lifecycle Management: https://dzone.com/refcardz/restful-api-lifecycle-management
LINQ: https://msdn.microsoft.com/en-us/library/bb308959.aspx
Code Review Checklist & Guidelines for C# Developers: https://www.codeproject.com/Reference/593751/Code-Review-Checklist-and-Guidelines-for-Csharp-De
Code Review Guidelines: https://www.codeproject.com/Articles/524235/Codeplusreviewplusguidelines

Assign Severity to Review Findings
Every finding gets a severity as defined below. The reviewer must address High severity issues first, then Medium severity, and finally Low severity issues.
https://weblogs.asp.net/tgraham/44763

In my previous blog post, we discussed 10 Simple Code Review Tips for Effective Code Reviews. Now let's take this topic further and explore a code review checklist that helps reviewers perform effective reviews and deliver good quality software. The checklist also helps code reviewers and software developers (during self code review) gain expertise in the code review process, because the points are easy to remember and apply. Let's first begin with the basic code review checklist and later move on to the detailed code review checklist.

Basic Code Review Checklist
The basic checklist is very handy if you are a beginner in code reviews and/or during initial review passes. While reviewing the code, ask yourself the following basic questions:
If the answer to any of the above questions is not satisfactory, suggest or recommend code changes.

Detailed Code Review Checklist
The following checklist gives an idea of the various aspects you need to consider while reviewing code:

1. Code formatting
While going through the code, check the formatting to improve readability and ensure that there are no blockers:
a) Use alignment (left margin) and proper whitespace. Also ensure that the starting and ending points of each code block are easily identifiable.
b) Ensure that proper naming conventions (PascalCase, camelCase etc.) have been followed.
c) Code should fit on a standard 14 inch laptop screen; there should be no need to scroll horizontally to view it. On a 21 inch monitor other windows (toolbox, properties etc.) are usually open while editing, so always write code with a 14 inch screen in mind.
d) Remove commented-out code, as it is always a blocker when going through the code. Old code can be recovered from source control (such as SVN) if required.

2. Architecture
a) The code should follow the defined architecture.

3. Coding best practices
4. Non-functional requirements
a) Maintainability (Supportability): the application should require the least amount of effort to support in the near future. It should be easy to identify and fix a defect.
b) Reusability
c) Reliability: exception handling, and cleanup (dispose) of resources on every path, including the exception path.
d) Extensibility: easy to add enhancements with minimal changes to the existing code. One component should be easily replaceable by a better component.
e) Security: authentication, authorization, input validation against threats such as SQL injection and Cross-Site Scripting (XSS), and protection of sensitive data. For SQL injection the check is that user input reaches the database only as a query parameter, never concatenated into SQL text; for XSS, that user data is encoded for the context (HTML body, attribute, JavaScript) in which it is rendered. Credit card numbers and similar secrets are encrypted; passwords are the exception and are stored only as a salted, slow hash (PBKDF2, bcrypt or similar), never as reversible ciphertext.
f) Performance
g) Scalability: consider whether it supports a large user base and data volume, and whether it can be deployed to a web farm. For an ASP.NET Core application that means no per-process state (in-memory session or caches) and a shared Data Protection key ring, otherwise authentication cookies and antiforgery tokens issued by one node fail to validate on another.
h) Usability: put yourself in the shoes of an end user and ascertain whether the user interface/API is easy to understand and use. If you are not convinced by the user interface design, discuss your ideas with the business analyst.

5. Object-Oriented Analysis and Design (OOAD) Principles
In most cases the principles are interrelated; following one principle automatically satisfies others. For example, if the Single Responsibility Principle is followed, reusability and testability increase automatically. In a few cases one requirement contradicts another, so a trade-off has to be made based on the relative weight of each, e.g. performance vs. security. Too many checks and too much logging at multiple layers (UI, middle tier, database) decrease the performance of an application, but some applications, especially in finance and banking, require multiple checks, audit logging etc. It is acceptable to compromise a little on performance to provide enhanced security.

Tools for Code Reviews
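The two checklist items that come up most often when reviewing an ASP.NET Core code base are 4(c) reliability (disposing resources) and 4(e) security (SQL injection and XSS), and the trade-off just discussed says security wins. The C# below is an added example written for this page, not code from the original article or from any of the linked projects. It shows one data-access method as a reviewer would find it, with the High severity findings in comments, next to the corrected version, plus the output-encoding side of 4(e). The class and method names (UserRepository, FindEmailsUnsafe, FindEmailsAsync, Greeting) and the Users table are hypothetical; it assumes the Microsoft.Data.SqlClient package and C# 8 or later for the `using` declarations.

```csharp
// Added example for the checklist above, not code from the original page.
// Assumptions: Microsoft.Data.SqlClient, C# 8 or later, and a hypothetical
// Users(Name NVARCHAR(100), Email NVARCHAR(256)) table.
using System;
using System.Collections.Generic;
using System.Data;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;

public sealed class UserRepository
{
    private readonly string _connectionString;

    public UserRepository(string connectionString) =>
        _connectionString = connectionString ?? throw new ArgumentNullException(nameof(connectionString));

    // BEFORE (what a reviewer flags):
    //  High  4(e) SQL injection: `name` is concatenated into the statement, so the
    //        input  x' OR '1'='1  returns every row and  x'; DROP TABLE Users;--
    //        turns one query into a batch of two statements.
    //  High  4(c) Reliability: if ExecuteReader throws, nothing is disposed and the
    //        connection is not returned to the pool until its finalizer runs.
    public List<string> FindEmailsUnsafe(string name)
    {
        var conn = new SqlConnection(_connectionString);
        conn.Open();
        var cmd = new SqlCommand("SELECT Email FROM Users WHERE Name = '" + name + "'", conn);
        var result = new List<string>();
        var reader = cmd.ExecuteReader();
        while (reader.Read()) result.Add(reader.GetString(0));
        conn.Close();
        return result;
    }

    // AFTER: the statement text is a constant and the input travels only as a typed
    // parameter, so it can never change the query structure. `using` declarations
    // dispose connection, command and reader on every path, including exceptions.
    public async Task<List<string>> FindEmailsAsync(string name)
    {
        // Positive validation: reject what the column cannot hold rather than trying
        // to strip "dangerous" characters (an apostrophe is legitimate in a name).
        if (string.IsNullOrWhiteSpace(name) || name.Length > 100)
            throw new ArgumentException("name must be 1 to 100 characters", nameof(name));

        const string sql = "SELECT Email FROM Users WHERE Name = @name";
        using var conn = new SqlConnection(_connectionString);
        await conn.OpenAsync();
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;

        var result = new List<string>();
        using var reader = await cmd.ExecuteReaderAsync();
        while (await reader.ReadAsync()) result.Add(reader.GetString(0));
        return result;
    }
}

// The XSS half of 4(e). Razor encodes @-expressions automatically; code that builds
// HTML by hand (TagHelpers, string templates, Html.Raw) must encode for the context.
public static class Greeting
{
    // Vulnerable: a display name of  <script>alert(1)</script>  is emitted as markup.
    public static string Unsafe(string displayName) =>
        "<p>Welcome, " + displayName + "</p>";

    // Safe: HtmlEncoder replaces < > & " ' (and non-ASCII) with entities, so the
    // name is rendered as text in the HTML body context.
    public static string Safe(string displayName) =>
        "<p>Welcome, " + HtmlEncoder.Default.Encode(displayName) + "</p>";
}
```

When reviewing, the quickest way to find the first pattern is to search the data layer for string concatenation or interpolation that feeds a SqlCommand, EF Core FromSqlRaw, or Dapper query text; the fix is always a parameter, never an escaping helper. The second pattern is found by searching for `new SqlConnection` that is not wrapped in `using`.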
Conclusion
The above code review checklist is not exhaustive, but it gives the code reviewer a direction for conducting effective code reviews and delivering good quality code. Initially it takes some time to review code from all these aspects; after a bit of practice, code reviewers can perform effective reviews without much effort and time. If you would like to become an expert code reviewer, this checklist serves as a great starting point. Happy code reviewing!

Tags: Code review checklist, AdminLTE, MVC Core, AdminLTE Core, ASP.NET Core