SoftwareSecurity2014/Group 8

Group nr. 8

Group members:

• Inés Carvajal Gallardo
• Max Kerkers
• Dirk Maan
• Herman Slatman
• Iwan Timmer

all from UTwente

(Erik:Good work!)

Topic: Input Validation for Wordpress 3.8.1

Deliverables

• Log of what we have been doing so far

The log should be a chronological list of who has been doing what, with dates.

Also useful to document decisions on who will be doing what, and by when.

• Case Study Wordpress 3.8.1

This section gives a brief overview of our case study.

• Code Scanning Results

This section discusses the results of the code scanning for our Verification Requirements.

• Reflection on code scanners

Our impressions of the tools in capabilities, limitations, etc, and what we learned from them about specific security vulnerabilities.

• Level 2B Code Review

The results of manual code review for part 2B

• Verdict on the security requirements

Our verdict for each requirement (Pass/Fail/Don't know) with motivation and an indication of what we did to reach this verdict.

• Reflection on the whole process

Our reflection on the whole process of doing a code review, or "Application Security Verification", in the way we did.