Difference between revisions of "Project Information:template Access Control Rules Tester Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
Line 34: Line 35:
 
If any, add link here
 
If any, add link here
 
  |}
 
  |}
 
+
----
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
{| style="width:100%" border="0" align="center"
+
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
+
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Access Control Rules Tester Project'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
+
| colspan="6" style="width:85%; background:#cccccc" align="left"|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. 
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']
+
| style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']<br>
+
[mailto:owasp-access-control-rules-tester-project@lists.owasp.org '''Mailing List/Use''']
+
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:santon(at)owasp.org '''Steve Antoniewicz''']
+
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:mg_chen(at)yahoo.com '''Min Chen''']<br>[http://www.linkedin.com/in/mgchen Profile]
+
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
* What are business logic vulnerabilities? An attempt to define their scope: http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf
+
* AcCoRuTe approach described http://accorute.googlecode.com/files/AcCoRuTe.pdf
+
* Google Code Project page: http://code.google.com/p/accorute/
+
* AcCoRuTe version 1.0.0 binaries: http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip
+
* AcCoRuTe User Guide http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf
+
* Presentation from OWASP EU Summit 2008 http://accorute.googlecode.com/files/OWASP_EU_Summit_2008_AcCoRuTe.ppt
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
+
|-
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>The project undergoes 100% review straight away
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>The project undergoes 100% review straight away
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Beta Quality''' <br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
|}
+

Revision as of 09:25, 26 January 2009


PROJECT IDENTIFICATION
Project Name OWASP Access Control Rules Tester Project
Short Project Description I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.
Key Project Information Project Leader
Andrew Petukhov
Project Contributors
(if applicable)
Mailing List
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Tool
Sponsors
OWASP SoC 08
Release Status Main Links Related Projects

Provisory Beta Quality
(Waiting for First Review)
Please see here for complete information.

If any, add link here