SoftwareSecurity2014/Group 10

Group nr. 10

Group members:

  • Saurabh Kulkarni (TUE)
  • Ben Brücker (RU)
  • Tom Tervoort (UU)
  • Niels Kamp (UT)

all from university RU/TUE/UT/UU

Case study: Piwigo 2.6.2

Verification Requirements:

  • V3. Session Management
  • V5. Input validation
  • V6. Output Encoding/Escaping
  • V7. Cryptography

Deliverables

The log should be a chronological list of who has been doing what, with dates.
Also useful to document decisions on who will be doing what, and by when.
This should discuss the results of the code scanning for the Verification Requirements your group is looking at.
Describe your impressions about the tools, in capabilities, limitations, etc.
Also, did you learn anything about specific security vulnerabilities from using them?
This should give your verdict for each requirement (Pass/Fail/Don't know) with motivation, and an indication of what you did to reach this verdict.
Reflect on the whole process of doing a code review, or "Application Security Verification", in the way you did.


Create more sub-pages if you want, of course