Project Information:template Source Code Review OWASP Projects - Final Review - Second Reviewer - F

De OWASP
Saltar a: navegación, buscar

Clik here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Source Code Review OWASP-Projects Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

  1. Verified that the workflow for introducing static analysis into OWASP projects has been created.
  2. Verified that OWASP projects have been submitted to be analyzed on the owasp.fortify.com site to establish an OWASP baseline. These are AntiSamy, CSRFGuard2, CSRFTester, DirBuster, JBroFuzz, Lapse, Stinger, Webekci, WebGoat, WebScarab
  3. Verified that the project has submitted more than 25 open source PHP applications (besides mySQL) to be analyzed.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

  1. Workflow for introducing static analysis into OWASP projects (100%).
  2. Analyzed 10 OWASP projects (100%).
  3. Analyzed little more then 25 open source PHP projects on owasp.fortify.com (100%).

3. Please do use the right hand side column to provide advice and make work suggestions.

It would be nice to have results aggregated and published for both OWASP projects and PHP projects so statistics can be used on security of open source projects/applications.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

Basic requirements are satisfied considering that this is not a software release project but rather a project engagement project to use a tool

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

Beta Requirements Are Being Fulfilled.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

N/A

4. Please do use the right hand side column to provide advice and make work suggestions.

The objectives for this project are being fulfilled, no further work suggestion required.

.