Difference between revisions of "Project Information:template Access Control Rules Tester Project"

From OWASP
Jump to: navigation, search
(New page: {| style="width:100%" border="0" align="center" ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' |- | style="width:...)
 
Line 6: Line 6:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|Skavenger is a web application security assessment toolkit which arised from many years of professional experience in the web application assessment field and is the result of nearly one your of work. It passively analyzes traffic logged by various MITM proxies (such as WebScarab and Burp) as well as other sources (like Firefox's LiveHTTPHeader plugin) and helps to identify various kinds of possible vulnerabilities (such as XSS, CRLF injection, an insecure session management and several kinds of information disclosure). Skavenger's modular design allows the integration of custom scanning modules without any knowledge about the tool at all.  
+
  | colspan="6" style="width:85%; background:#cccccc" align="left"|The author believes that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). My proposal is to create a systematic approach that addresses business logic vulnerabilities.  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:mro(at)securenet.de '''Matthias Rohr''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
  | style="width:14%; background:#cccccc" align="center"|[mailto:Owasp-skavenger@lists.owasp.org '''Project Mailing List''']
+
  | style="width:14%; background:#cccccc" align="center"|[mailto:Owasp-Access-Control-Rules-Tester-Project@lists.owasp.org '''Project Mailing List''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:to(at)change '''Rogan Dawes''']
+
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:caughron(at)gmail.com Mat Caughron]<br>TBC
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:ah@securenet.de '''Achim Hoffmann''']
+
  | style="width:14%; background:#cccccc" align="center"|[mailto:mg_chen(at)yahoo.com Min Chen]<br>TBC
 
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
 
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
 
  |}
 
  |}
Line 20: Line 20:
 
  |-
 
  |-
 
  | style="width:100%; background:#cccccc" align="center"|
 
  | style="width:100%; background:#cccccc" align="center"|
* Skavenger is completely written in Perl and can be downloaded from [https://sourceforge.net/projects/skavenger/ Skavenger.]
 
 
* (If appropriate, links to be added)
 
* (If appropriate, links to be added)
 
  |}
 
  |}
Line 27: Line 26:
 
  |-
 
  |-
 
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]  
 
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]  
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Skavenger|'''Sponsored Project/Guidelines/Roadmap''']]
+
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"

Revision as of 05:53, 14 June 2008

PROJECT IDENTIFICATION
Project Name OWASP Access Control Rules Tester Project
Short Project Description The author believes that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). My proposal is to create a systematic approach that addresses business logic vulnerabilities.
Email Contacts Project Leader
Andrew Petukhov
Project Contributors
(if applicable)
Name&Email
Project Mailing List First Reviewer
Mat Caughron
TBC
Min Chen
TBC
OWASP Board Member
(if applicable)
Name&Email
PROJECT MAIN LINKS
  • (If appropriate, links to be added)
SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
Review/Reviewer Author's Self Evaluation
(applicable for Alpha Quality & further)
First Reviewer
(applicable for Alpha Quality & further)
Second Reviewer
(applicable for Beta Quality & further)
OWASP Board Member
(applicable just for Release Quality)
50% Review Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit:50% Review/Self-Evaluation (A)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50% Review/1st Reviewer (C)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50%Review/2nd Reviewer (E)
X
Final Review Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/SelfEvaluation (B)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/1st Reviewer (D)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/2nd Reviewer (F)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See/Edit: Final Review/Board Member (G)