Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F

From OWASP
Revision as of 21:58, 15 March 2009 by Bradcausey (Talk | contribs)


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please exemplify by writing down those that haven't been realised.

All objectives are complete to my observation. Because of how modular the implementation of server headers is, this would be easy to use in ASP.NET or any other language. We didn't use WebGoat, instead opting for WordPress. This is actually better because it allows for implementation into an application that is used in production and results can be easily replicated. All documentation is great and I have personally tested each feature successfully.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

100%

3. Please do use the right hand side column to provide advice and make work suggestions.

Creating modules for other open source applications such as DNN and WebGoat could be future goals.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

Because this isn't a 'Single Component Application' it would be difficult to centrally house all code. Today, each component is housed in the appropriate location, mozdev.org and WordPress. Also, this project addresses the core insecurity of the HTTP protocol.

2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

The client does use a GUI (Firefox add-ons tool and PGP). The server side cannot use a GUI because it is being installed on a web server (most of which have no GUI for security reasons). The server side installation is comparable to other web security add-ons, and offers much more protection by comparison.

3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

N/A

4. Please do use the right hand side column to provide advice and make work suggestions.

See previous suggestions.