SoftwareSecurity2014/Group 2/Log
Group 2: log
2014-03-28 - first meeting
- Discussed various open-source web applications
- Chose OwnCloud and downloaded the core
- Initial run of Fortify on the source code to see if it would find anything
- A quick look at RIPS and RATS
2014-04-01 - second meeting
- Choose set of requirements: V6: Output Encoding/Escaping (HTML)
- Choose part of the code of OwnCloud to match the requirements: https://github.com/owncloud/core
- Evaluate Fortify results of (preliminary) scan
- Find and install other code scanners: RIPS, RATS
- Run RIPS and RATS on the OwnCloud core
- Evaluate the results of RATS
2014-04-10 - third meeting
- Make a to-do list
- Judith & Joost will look a bit more into RIPS
- Koen & Markus are processing the output of the code scan with RATS
- Assessment of the found errors w.r.t. V6
- We took another look at the OWASP-pdf
- Reflection questions
2014-04-30 - revisiting XSS
- Markus tried to provoke an XSS warning in a minimal example
- Scan ownCloud again, update findings
2014-05-13 - started with part 2
- Make a to-do list w.r.t. project part 2
- Start working on various requirements from V6 (specifically, V6.4, V6.5, V6.6, V6.7)
2014-05-27
- Finished working on requirements from last time
- Brainstorm which languages we are going to test for 6.8
- Divide requirements 6.1, 6.2, 6.3
- Plan the last phase of the project (deadline: 6th of June)
2014-06-03
- Finished security requirements
- Completed reflection
- We're almost done. :)
2014-06-10
- Preparing slides/presentation