Monday, October 6, 2008

Code Review Checklist for ASP.NET

I'm supposed to do a code review of an externally developed ASP.NET application at my job this week. I'm posting some guidance here for performing this review.
The goals of the review should be to confirm that:
  • The code satisfies the requirements
  • The code is robust (i.e. stable, and descriptive in case of error)
  • The code handles invalid inputs (SQL injection and XSS!)
  • The code is scalable
  • The code is extensible and maintainable
(loosely based on Zysman).

Microsoft has a couple of checklists on these topics (unfortunately for .NET 1.1). The useful ones are: Securing ASP.NET, Security Review for Managed Code, and Code Review for .NET Application Performance. I also just found the guide for .NET 2.0: How To: Perform a Security Code Review.
