SoftwareSecurity2012/Group 6/Log


Group meeting on 15/04/12. Checking of the code-checking tools has been assigned to the group members. The responsibilities are as follows:

Timetable

| Person | Task | Time | Due Date | Remarks |
|---|---|---|---|---|
| Moe | Check RATS | 4 hours | 18/04/12 | None |
| Özgecan | Check RIPS | 4 hours | 18/04/12 | Only tool that detected SQL injections |
| Carsten | Check Yasca | 4 hours | 18/04/12 | None |
| Kostas | Check CodeSecure | 4 hours | 18/04/12 | None |
| Arturo | Check PHPLint | 4 hours | 18/04/12 | None |
| Everybody | Post comments on the wiki about the results of, and reflections on, the code scanners | 2 hours | 18/04/12 | None |
| Everybody | Discussion on partial report requirements | 3 hours | 20/04/12 | None |
| Everybody | Improve wiki content layout as proposed by the professor | 2 hours | 21/04/12 | None |
| Everybody | Discussion on verification requirements relevant to our goals | 2 hours | 21/04/12 | Agreed to focus on requirements V6.3 and V6.4 |
| Everybody | Discussion on how to perform manual code checking | 2 hours | 22/05/12 | Decided to find out how SQL queries and escaping are performed |
| Everybody | Analyze a PHP file containing SQL queries from the root directory (Moe: login.php; Özgecan: db_update.php; Carsten: misc.php; Kostas: index.php; Arturo: admin_users.php) | 8 hours | 22/05/12 | Moe and Carsten found out how queries are performed |
| Everybody | Analyze a PHP file containing SQL queries from /include/dlayer/ (Moe: mysql.php; Özgecan: mysqli.php; Carsten: mysqli_innodb.php; Kostas: sqlite.php; Arturo: pgsql.php) | 2 hours | 23/05/12 | Learned that all <database-type>.php files have a similar structure |
| Everybody | Meeting: discussion about first results of the analysis | 2 hours | 26/05/12 | Shared discoveries made by each team member, e.g. how escaping is performed |
| Moe | Write page on DB layer information | 3 hours | 07/06/12 | None |
| Carsten | Write page on SQL statements composition (requirements) | 4 hours | 07/06/12 | None |
| Arturo | Write page on reflection of the whole process | 4 hours | 09/06/12 | None |
| Kostas | Write presentation | 4 hours | 21/06/12 | None |
| Ely | Write page on Wanted Documentation, final checks in all wiki sections, small individual additions to various sections, edits for coherency and overall flow | 4 hours | 21/06/12 | None |