Project Information:Sqlibench - Final Review - Self Evaluation - B

From OWASP
Revision as of 04:53, 28 September 2008 by Bedirhan (Talk | contribs)

Jump to: navigation, search

.

50% REVIEW PROCESS

Project Deliveries & Objectives

Sqlibench Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

%90-%95 of the overall deliverables are finished. The three unfinished jobs we have are; creating videos of the preparing the environment (nevertheless written documentation has been produced) and writing webscarab-beanshell scripts in order to show the exploits are real (instead we have created a howto document explaining the testing methodology for other benchmarkers, including example runs of sqlmap)

Additional to the %50 review deliverables, here are other deliverables adding upto the %100 review;

1. xml benchmarking report (http://sqlibench.googlecode.com/files/sqlibench_v2.1.xml)

2. tabular pdf benchmarking report (http://sqlibench.googlecode.com/files/sqlibench_matrix_v2.pdf).

3. updated interactive web application (http://www.webguvenligi.org/sqlibench/web/index.php)

4. benchmarker life saver document (http://code.google.com/p/sqlibench/wiki/HowToBenchmark)

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

%90-%95 of the deliverables are finished with only two empty spots (creating videos of the preparing the testing environment and writing webscarab beanshell scripts in order to show the exploits are real). We've also contacted the most of the sql injectors authors and acquired nonpublished new versions of their tools.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

We'd love to hear comments on the criteria list we have produced (http://code.google.com/p/sqlibench/wiki/BenchmarkingCriteria).

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

None. All criteria seems to be fulfilled.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

None. We don't have any installer, though, which should be ok for documentation projects. Installer for the vulnerable .NET application could have been created but it's well documented howto install it and it's just a small part of the overall project.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

N/A. Status target of the project is Beta.

4. What kind of help is required either from the Reviewers or from the OWASP Community?

None. However, we'd love to hear comments on the criteria list we have produced (http://code.google.com/p/sqlibench/wiki/BenchmarkingCriteria).