Penetration Testing mailing list archives

Java Code Review Template


From: Jian Hui Wang <jhwang () gosecure ca>
Date: 4 Mar 2005 02:39:31 -0000



Hi, all,

Do you have any ideas about Java code review for security issues?

1) What to review?
The first things on my mind are input validation and error message handling. But apart from that, is there anything else I could pay attention to? The OWASP Top Ten? Any special issues for Java?

2) How to review?
I also tried to follow the OWASP test framework Part I, but it does not seem very workable since time is limited.

I know automated tools like PMD and Checkstyle can do some of the job, but they seem more oriented toward pretty code. Are there any tools you would recommend?

3) How much time?
As for time, how many lines can you review in a day?


Any answers to these questions will be highly appreciated.


Jian Hui Wang, M.Sc, CSE, CCSE, CCNA 

Security Analyst

Gosecure Inc. 

Come and consult our SecInfo portal for the latest security news:

http://www.gosecure.ca/SecInfo/index.html 
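The two review points the post names first, input validation and error message handling, shown side by side as an added example (this is not code from the post or from Gosecure). The request handler, the `lookupAccount` backend and the hostile input are all hypothetical and constructed for the illustration; the "before" handler is deliberately written the way a reviewer would expect to flag it, the "after" handler is the hardened form.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/**
 * Added illustration, not from the original post: a hypothetical request
 * handler before and after review. lookupAccount() stands in for a data layer
 * and is constructed so that it fails loudly on malformed input, as a real one
 * would when handed something it does not expect.
 */
public class ReviewExample {
    private static final Logger LOG = Logger.getLogger(ReviewExample.class.getName());

    // Hypothetical backend. Throws with an internal message, the way a JDBC
    // driver or ORM typically does when the query breaks.
    static String lookupAccount(String accountId) {
        if (!accountId.matches("[0-9]+")) {
            throw new IllegalArgumentException(
                "syntax error near '" + accountId + "' in table accounts");
        }
        return "balance=100";
    }

    // BEFORE: two findings a reviewer should raise.
    //  1. The untrusted parameter reaches the backend with no validation.
    //  2. The raw exception message, which contains the attacker's input and
    //     internal schema details, is concatenated straight into the HTML
    //     response: information leakage plus reflected, unescaped input.
    static String handleBefore(String accountId) {
        try {
            return "<p>" + lookupAccount(accountId) + "</p>";
        } catch (Exception e) {
            return "<p>Error: " + e.getMessage() + "</p>";
        }
    }

    // AFTER: allow-list the parameter before it is used, send the client only
    // a generic message, and keep the detail (including the stack trace) in
    // the server-side log where the operator, not the attacker, can read it.
    private static final Pattern ACCOUNT_ID = Pattern.compile("^[0-9]{1,12}$");

    static String handleAfter(String accountId) {
        if (accountId == null || !ACCOUNT_ID.matcher(accountId).matches()) {
            // Log the fact, not the payload, so hostile input cannot be used
            // to pollute or inject into the log itself.
            LOG.warning("rejected malformed accountId, length="
                + (accountId == null ? 0 : accountId.length()));
            return "<p>Invalid request.</p>";
        }
        try {
            return "<p>" + lookupAccount(accountId) + "</p>";
        } catch (RuntimeException e) {
            LOG.log(Level.SEVERE, "account lookup failed", e);
            return "<p>An internal error occurred. Please contact support.</p>";
        }
    }

    public static void main(String[] args) {
        // Constructed hostile input: an injection attempt plus a script tag.
        String hostile = "1 OR 1=1<script>alert(1)</script>";
        System.out.println("before: " + handleBefore(hostile));
        System.out.println("after:  " + handleAfter(hostile));
        System.out.println("after:  " + handleAfter("42"));
    }
}
```

Running `main` shows the difference directly: the "before" response carries the backend's error text and the script tag back to the browser, while the "after" response returns only the generic message and the detail lands in the application log. The validation is an allow-list on the exact format the application expects rather than a deny-list of bad characters, which is the check a reviewer should look for at every point where request data enters the code.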


