Software Code Review

Lists requirements for software code reviews.

  • Someone other than the programmer of the code must review the code.
  • The reviewer should review for one specific class of flaws (a perspective such as memory use or thread control) at a time.
  • Code should be checked for buffer overflows, poor structure, inadequate or inaccurate comments, and other security flaws. Review comments must be logged.
  • After changes are made, the reviewer will review the changes.
  • Code must compile, pass its unit tests, and pass most system tests before being reviewed for flaws.
  • Set dates for code review completion but do not require formal meetings. A code review may be done by two or three people when they are available. Use no more than two reviewers for each perspective.
  • Code reviewers should be trained in spotting flaws.
  • Management should not be involved in the review process other than to be sure it is done.
  • Code shall not be redesigned in the review but review comments must be logged.
  • Coding standard violations shall be noted for fixing but not dwelt upon, and no blame shall be assigned.
  • After the initial code review, only review changed code or potentially affected code when changes are made.
  • Every issue from the review must be fixed, or the team must agree that it is not an issue.
  • When bugs are discovered that were not found during a code review, assess the review process and look for a way to modify it so that it catches those types of bugs.