Project Information:template AppSensor Project - Final Review - Second Reviewer - F

From OWASP
Revision as of 13:00, 1 November 2008 by MichaelCoates (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Clik here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP AppSensor Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Beta Status Reached - All planned activities completed

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

Beta Status Reached - All planned activities completed

3. Please do use the right hand side column to provide advice and make work suggestions.

AppSensor is a strategy to implement intrusion detection. However, the introduction seems unclear to this point. I would add in a line along the lines of “AppSensor offers prescriptive guidance to implement intrusion detection capabilities into application through the use of standard security controls.”

Illustration of your architecture would be powerful

You assigned a weight/point scale to exception types. I’d elaborate more on how you arrived at those values and discuss the ability to tailor those numbers within organizations. For many places, those numbers may need to be modified. How do you recommend that do this?

I’d really like to see a case study whereby the AppSensor concepts are implemented using ESAPI and WebGoat. Obviously this a lot of work to implement, so a high level document overview describing the process would prove useful.

The document reads to end abruptly. I’d consider adding in some conclusion content discussing “Next Steps” - what should developers, architects, managers do with this guidance? How can best integrate this into my application architectures?

At a high level, I believe you’ve achieved your goals as documented in the original SoC 2008 proposal. I think addressing some of the ideas outlined above would add significant value to your deliverable.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

NA

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

Best Status Reached

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

NA

4. Please do use the right hand side column to provide advice and make work suggestions.

None