Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C

From OWASP
Revision as of 21:52, 1 July 2008 by Mroxberr (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Click here to return to the previous page.

50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Demo of enigform/OpenPGP authentication and secure session management proved successful. For final we need how-to documentation that Buanzo is working on at his wiki site published on the OWASP Enigform / mod_OpenPGP site. Also, final review will require a website (Buanzo has one in SVN, but Dinis was interested in using WebGoat) and I'd like a demo of session based attacks against the site with the extensions (maybe we can we use OWASP testing guide examples, see Testing for Session Management)

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

60% (I worked with Buanzo on testing Enigform and mod_openpgp for secure sessions, extensions appear to work).

3. Please do use the right hand side column to provide advice and make work suggestions.

Buanzo is a motivated security developer. Maybe he can provide development guidance after the SoC 2008 for others to learn from.