Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D

From OWASP
Revision as of 17:13, 4 February 2009 by Santoniewicz (Talk | contribs)


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Access Control Rules Tester Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please exemplify by writing down those that haven't been realised.

Each defined goal has been met, with the exception of the following:

  • AcCoRuTe functionality including site spider. Basic features: Javascript (and AJAX) is interpreted by Rhino in order to get more site links; forms are filled in by operator.

This is acceptable, as the application utilizes a third-party tool instead to provide this spidering feature.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

100% has been attained for all goals.

3. Please do use the right hand side column to provide advice and make work suggestions.

  • The document(s) should be on some sort of OWASP letterhead or word document template.
  • In order to be release quality, the English grammar will need to be reviewed and mistakes will need to be corrected.
  • Utilizing Wikipedia / blogs as reference points is generally not considered credible. Is it possible to reference more credible references?
  • The Requirements to run the tool are stated as "• At least 50 GB of available HDD space. " Is this true?
  • When attempting to run the tool, it complained that I needed to set the JAVA_HOME environment variable, although I have run many Java applications (for example Paros) within Windows and have not had to use this. Is there a way around this requirement (for ease of set-up)? If not, maybe include these instructions.
  • Several of the instructions relating to setting up Burp Proxy are incorrect, as Burp has updated to version 2 and changed many options.
    • Going forward, it would be desirable to remove the dependency on Burp Proxy.
PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

None

2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

None

3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

The following criteria of Release quality are not met:

  • Be reasonably easy to use. This requires the future users of AcCoRuTe to submit their remarks and proposals.
  • Include online documentation built into tool (based on required user documentation).
  • Be run through Fortify Software's open source review (if appropriate) and FindBugs.

4. Please do use the right hand side column to provide advice and make work suggestions.

Comments are within the above section