Quick IncubatorToolsCode Evaluation

=Evaluation Date : 3rd September 2014=

Summary
Project is active even though it needs to create a Roadmap. Also better guidelines for Developers can help the project get more volunteers. Since this is a library to be implemented, we expect better documentation for users on this part.

Uniqueness/Originality
A library quite unique among OWASP projects

Level of Maturity
Incubator, potential to become LAB

OWASP_Java_XML_Templates_Project
http://lists.owasp.org/pipermail/owasp-java-xml-templates/

Summary
Project is inactive no developments since 2011

Level of Maturity
Incubator - Inactive

Summary
Project has not updated its wiki in a year. The project repository is active but we need to remember that these are just rules that most be used with http://nginx.com/ which is a commercial tool. You get the rules for free but you need to buy the Web Firefall. Rules alone do not work

Level of Maturity
Does not fit with OWASP open source vision

Summary
Project is using an old wiki template but information is quite complete. A simple guideline was found on the wiki and very good track record fixing issues. We suggest to have a mailing list. Needs more work on documentation to get more contributors and users.

Level of Maturity
Incubator

Uniqueness/Originality
This is another Broken application for pen testing. The project claims to not only to be a learning tool for beginners pen testers but also for professionals with higher level of challenges.

Summary
Project has excellent documentation, Nice external website and wiki page, including videos for Users but there are no issues(only 1 and is closed). Last year it was a very active project present on different Appsec conferences. Need more documentation for new developers, if project plans to get new contributors

Level of Maturity
LAB candidate, howveer we are not seen much activity so far, for this reason we cannot upgrade this project to this status. Must contact Project leader

Uniqueness/Originality
This is a tool for pen testing XSS vulnerabilities, it focuses only on that. The interface is really nice compare to other OWASP tools.It claims it ha sless false positives and able to find more XSS than other tools

=Evaluation Date : 5th September 2014=

Summary
Wiki template is very complete. The project is an OS/Virtual machine, not easy to host on a repository so we understand the challenges to make this available using a repository. What I miss here are instructions or clarifications, such as a reference to the Mantra Framework project and Guidelines and User guides for first time users.

Level of Maturity
Incubator

Uniqueness/Originality
It combines Mantra and other Broken Apps

Summary
The project had a very inactive/dormant period last year, and later picked up after a year in recession. The Project has some basic documentation but it should have more to make it clear for users how the project can be built properly and the OS supported.Wiki page is very abstract and has very little information about the project, Releases and Roadmap. Based on the mailing list, it has been very quite and little reaction from the public. Little activity in the bug list (1 bug fixed). We don't have the impression there is a group of users. Project should work on improving its documentation, add some print screens and videos can help a lot for user adoption

Level of Maturity
Incubator

Uniqueness/Originality
This is another Broken app but for apple mobile devices.

Summary
Very active project, on github. Project leader is also very active promoting the project at different conferences. Tools also won an award and is doing an excellent work like no other OWASP tool does which is to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. Excellent documentation.Based on the level of maturity it can become a LAB project

Level of Maturity
LAB candidate

Uniqueness/Originality
No other OWASP tool does this specific work, which is highly challenging to achieve.

Summary
This is another Broken App in PHP/MySQL. Last activity or commit was last year, December 2013.Last activity in the Blog dates from November 2013. Mailing list and Twitter activity also dates from last year which it seems the project came to a stop around that time. Project has very nice instructional videos on You Tube and pretty good materials for Users

Level of Maturity
Incubator/Potential to become LAB but is Dormant/Inactive.Must contact Project leader for more info

Uniqueness/Originality
It combines Mantra Framework, PHP/MySQL and it's done in the same style as WebGoat but with very nice GUI and Videos

=Evaluation Date : 6th September 2014=

Summary
Wiki template is very complete. This project has a high level of activity, excellent record fixing issues, Documentation for engaging new developers and Users.

Level of Maturity
Very Stable, has LAB quality, Flagship Candidate. Upgraded to LAB status. Next review if maintains activity level, we will upgraded to Flagship because of its quality, level of activity and uniqueness

Uniqueness/Originality
This is an excellent and unique tool amonth OWASP. No other does the same job