Difference between revisions of "Project Information:template Access Control Rules Tester Project"

From OWASP
Line 22: Line 22:
 
  | style="width:100%; background:#cccccc" align="center"|
 
  | style="width:100%; background:#cccccc" align="center"|
 
* [[:Image:Andrew Petukhov- Business Logic Vulnerabilities.doc|Business Logic Vulnerabilities]]
 
* [[:Image:Andrew Petukhov- Business Logic Vulnerabilities.doc|Business Logic Vulnerabilities]]
 +
* http://code.google.com/p/accorute/
 
* (If appropriate, more links to be added)
 
* (If appropriate, more links to be added)
 
  |}
 
  |}
Line 40: Line 41:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>The project undergoes 100% review straight away |See&Edit:50% Review/Self-Evaluation (A)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
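Review bot: The new self-evaluation cell in the 50% Review row ends with a dangling link tail. The opening `[[Project Information:template Access Control Rules Tester Project - 50 Review - Self Evaluation - A` was replaced by the sentence "The project undergoes 100% review straight away", but `|See&Edit:50% Review/Self-Evaluation (A)]]` was left behind, so the pipe and the closing brackets render as literal text in the table. Either end the cell at "straight away", or keep the complete `[[target|label]]` link after the sentence.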
Line 46: Line 47:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Season of Code''' - Beta Quality<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
 
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]

Revision as of 15:56, 14 September 2008

PROJECT IDENTIFICATION
Project Name OWASP Access Control Rules Tester Project
Short Project Description The author believes that web application business logic vulnerabilities will be under increasing attention in the near future. Although input validation vulnerabilities (XSS, SQLI) are in the overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web applications to great risks (according to the OWASP Testing Guide). My proposal is to create a systematic approach that addresses business logic vulnerabilities.
Email Contacts Project Leader
Andrew Petukhov
Project Contributors
(if applicable)
Name&Email
Mailing List/Subscribe

Mailing List/Use

First Reviewer
Mat Caughron
Profile
Second Reviewer
Min Chen
Profile
OWASP Board Member
(if applicable)
Name&Email
PROJECT MAIN LINKS
SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
Review/Reviewer Author's Self Evaluation
(applicable for Alpha Quality & further)
First Reviewer
(applicable for Alpha Quality & further)
Second Reviewer
(applicable for Beta Quality & further)
OWASP Board Member
(applicable just for Release Quality)
50% Review Objectives & Deliveries reached?
Yes
---------
The project undergoes 100% review straight away
See&Edit: 50% Review/Self-Evaluation (A)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50% Review/1st Reviewer (C)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50%Review/2nd Reviewer (E)
X
Final Review Objectives & Deliveries reached?
Yes
---------
Which status has been reached?
Season of Code - Beta Quality
---------
See&Edit: Final Review/SelfEvaluation (B)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/1st Reviewer (D)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/2nd Reviewer (F)
X