Generate Your Own Security Code Review Checklist Document Using Outlook 2007

• Do you conduct security code reviews? - [Yes/No]
• Do you want to streamline the process of the review? – [Yes/No]
• Do you want to save time and achieve results with much less efforts? – [Yes/No]
• Do you hate writing documents? - [Yes/No]

If the answer is Yes to the questions above then this post is for you. In this post I am going to show how to generate Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007.

Note - Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer client that is freely available for download here. I am just a big fan of looking for new ways to utilize familiar tools.

Summary of Steps

• Step #1 – Configure your Outlook 2007 to consume patterns & practices Guidance Explorer.
• Step #2 – Customize Outlook 2007 for easier search.
• Step #3 – Identify Security Code Review items among 4000 items.
• Step #4 – Generate Security Code Review Checklist Document.

Next section describes each step in detail.

Step #1 – Configure your Outlook 2007 to consume patterns & practices Guidance Explorer. patterns & practices team has recently released a version of their Guidance Explorer that exposes its online store via RSS. Guidance Explorer consolidates all the guidance patterns & practices ever released covering Security, Performance, and Visual Studio areas. That means you can consume something like 4000 items using RSS reader of your choice. My choice is Outlook 2007. Follow instructions in Consume patterns&practices Guidance Explorer Via RSS Using Outlook 2007 to download all 4000 items for offline use inside Outlook 2007.

Step #2 – Customize Outlook 2007 for easier search. Once Guidance Explorer items downloaded you can start consuming it directly from Outlook 2007. To make it more usable I recommend creating predefined search folders focusing on different disciplines. For example – Security, Performance, and Visual Studio. Follow instructions in Customize Guidance Explorer Inside Outlook 2007 – Find Tech Gold Nuggets Instantly to make it more usable and easy to access relevant information.

Step #3 – Identify Security Code Review items among 4000 others. Now that we are all set let’s build a list of security code inspection items. It is pretty easy with Outlook 2007 built-in instant search capability. Paste “Type: Inspection Question” into search box including the quotes, you should see something similar to this:

Highlight desired items and copy it into the clipboard by pressing Ctrl + C. Create a new folder in Outlook 2007 and paste the items using Ctrl + V. You’ve just created a working checklist ready to be used with the code you want to review. If you have your own insights and want to add it to the checklist – it is easy, just follow instructions in Create Your Own Guidance Explorer Items Inside Outlook 2007.

Step #4 – Generate Security Code Review Checklist Document. Once you are happy with the checklist items you are ready to generate the document. Outlook 2007 does not have such built-in capability, so I developed it by myself. It is really easy with Visual Studio 2005 and Visual Studio Tools For Office [VSTO] or just with Visual Studio 2008. For more information check my post Generate Documents Out Of Mail Items Directly From Outlook 2007. I’ve uploaded a sample checklist document with a few items in it in Word 2003 format with a few items. The document was generated purely using the described approach.

Guidance Explorer comes with an offline client that can do everything I’ve described above including document generation. To learn more about Guidance Explorer watch these cool videos below:

•  What Is: Guidance Explorer (Length :35 - Size: 176 KB)
•  How To: Use Guidance Explorer to Find Guidance (Length 3:29 - Size: 1.5 MB)
•  How To: Export Guidelines to HTML or Word (Length: 1:06 - Size: 550 KB)
•  How To: Build and Share a Customized View (Length: 1:50 - Size: 830 KB)
•  How To: Create or Edit a Guideline (Length: 2:09 - Size: 1.1 MB)

Have fun, Alik Levin

Comments

• Anonymous
  January 15, 2008
  PingBack from http://msdnrss.thecoderblogs.com/2008/01/16/generate-your-own-security-code-review-checklist-document-using-outlook-2007/
• Anonymous
  January 16, 2008
  The comment has been removed
• Anonymous
  January 24, 2008
  How to streamline the process of capturing security flaws during security code review? How to save time
• Anonymous
  January 24, 2008
  How to streamline the process of capturing security flaws during security code review? How to save time
• Anonymous
  February 15, 2008
  You've been kicked (a good thing) - Trackback from DotNetKicks.com
• Anonymous
  July 10, 2008
  Well defined set of search patterns helps significantly reduce time (cost) when performing security code