Project Information:template AppSensor Project 50 Review Second Review E

From OWASP
Revision as of 18:33, 30 July 2008 by MichaelCoates (Talk | contribs)


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP AppSensor Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised.

The goals for the 50% deliverable include:

  • High level planning & design: Complete
  • Identify and define attack patterns against applications: This has been integrated as examples for each of the detection points.
  • Document points of detection within the application for the attack patterns & identify key information to log: 40 Detection points have been documented and categorized by exception type. A description and attack example have been provided for each, along with any limitations for the specific detection item.

Each of these objectives has been met. The documentation will be updated per reviewer comments.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

Objectives for Phase 1:

  • High Level Planning 100%
  • Attack Patterns 100%
  • Detection Points 100%

3. Please do use the right hand side column to provide advice and make work suggestions.

  • For the detection and response section it is recommended to include an example rules file, and how it's included and referenced within the application itself.
  • Clarify how and where the intelligence of the response action takes place. Is this action encapsulated in the rules themselves or within another module? Example: determining response for user fat-fingering password vs brute force attempt