SoftwareSecurity2013/Group 9/Planning
From Werkplaats
Planning second part
| Deadline | Who | What |
|---|---|---|
| 17-05-2013 | Steffen | 1B review of Code Correctness and System Information Leak |
| 17-05-2013 | Ko | 1B review of some other tool |
| 31-05-2013 | Jascha | 2B of XSS: Persistent and XSS: Poor Validation |
| 31-05-2013 | Steffen | 2B of XSS: Reflective |
| 31-05-2013 | Ko | 2B of System Information Leak and Code Correctness |
| 7-06-2013 | All | Verdict on the security requirements, reflection on the whole process |
| 14-06-2013 | All | Finish everything |
| 19-06-2013 | N/A | Deadline |
| 21-06-2013 | N/A | Presentations |
Categories:
- XSS: Persistent
- XSS: Poor Validation
- XSS: Reflective
- Code Correctness: Regular Expressions
- System Information Leak
RATS: is useless
Other tools:
- CheckMarx
- RIPS
- PHPLint (useless)
- Yasca (glorified grep script)
- Bugscout
- Pixie
2B analysis:
- Analyze all Fortify results point by point.
- Report for each category about:
  - the reason why an issue is a vulnerability;
  - the severity of the vulnerability (and whether it matches Fortify's rating);
  - how it could be solved.
TODO:
- Rewrite and refurbish all pages.
- Verdict on the security requirements.
- Reflection on the whole process.
- Finish off everything and make things consistent.