SoftwareSecurity2014/Group 1/Log

  • 26-Apr: All deadlines for other classes cleared. Started the project. First meeting set for 28-Apr.
  • 28-Apr: Second meeting set for 29-Apr.
  • 29-Apr: Second meeting
    • Selected FluxBB v1.5.6 and V3,10,11.
    • Ran RATS v2.4 like this: "rats -w 3 -l php *.php --html". Got 1 high, 1 medium and 6 low severity hits.
    • Ran Fortify and saved results for later. Got 145 critical and 6 high issues.
    • Extracted relevant verification requirements (Level 1B and 2B, V3,10,11) from OWASP ASVS 2009 document
    • Next meeting probably Thursday
    • Established todos:
      • compare the two tools' results
      • run Fortify again with custom settings
      • analyze critical results that are related to our project
  • 30-Apr: Separate work
    • Reran RATS with options: "rats -w 3 .". Analyzing subfolders, found 7 new issues
    • Reran RATS without php options. Few results, none new
    • Requested trial version of Checkmarx
    • Ran PHPLint on selected files and evaluated results
  • 1-May: Meeting
    • Tried Fortify multiple times with different settings, examining different results.
    • Interpreted new results from Fortify.
    • Ran Doxygen on the source tree.
    • Checked all errors found by Fortify against Level 1B requirements
    • Entered results and reflected on the use of Fortify, RATS, PHPLint, Doxygen
  • 2-May: Separate work
    • Wordsmithing
  • 4-May: Separate work
    • Wordsmithing
  • 27-May: Discussion of Erik Poll's feedback
  • 29-May: Meeting and group work
    • Nearly completed Level 2B requirements for V3
    • Begin work on Level 2B requirements for V11
  • 30-May: Meeting and group work
    • Finished V3 and V11
    • Inquiring about V10
  • 2-June: Meeting, scheduling
    • Alex wrote about V10
  • 3-June: Individual reflection
  • 4-June: Completed draft of reflections for review
  • 5-June: Met to review and discuss reflections section. Comments and modifications continue on an individual basis.
  • 6-June: Final edits and transfer to the wiki.