Project Information:template AppSensor Project - Final Review - First Reviewer - D

De OWASP
Saltar a: navegación, buscar

Clik here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP AppSensor Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Beta Status Reached - All planned activities completed

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

Beta Status Reached - All planned activities completed

3. Please do use the right hand side column to provide advice and make work suggestions.

"The concept of the AppSensor is to detect malicious activity within an application before a user is able to identify and exploit a vulnerability. This objective is possible because many vulnerabilities will only be discovered as a result of trial and error by the attacker."

For clarity, the introduction needs to standardize on some terms to carry through the remainder of the document. Specifically, you need a way to differentiate an innocent, application user from a malicious application user.

In the response section, you start to discuss the possible causes of an alert: unintentional, suspicious, malicious. You then have a bulleted list that uses sightly different terminology, but seems to indicate all cases are malicious. This need clarification.

"Malicious Intent Possible User Error Possible Attack Clear Malicious Activity " Maybe instead of saying "malicious activity" call it "detected activity", then go on to discuss how it will be classified as malicious or not.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

NA

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

Beta Status has been reached.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

NA

4. Please do use the right hand side column to provide advice and make work suggestions.

None