Software Security/Group 3/Log

Log

This log is by no means complete. It should merely give a general indication of when the group was focused on which subjects. It is not meant for auditing exactly who did what at what time, or for checking whether everyone contributed equally. Some people logged fewer items here or chose to log only big sessions instead of a few smaller ones. The group believes the workload has been equally distributed across the members.


Date Activity By
March 26 Formed group All
March 27 Picked subject All
April 09 Setting up testing environment with phpbb2 and codescanning tool RATS Jeroen
April 10 Studying exception constructions in PHP and common in software All
April 11 Codescanning with RATS Jeroen
April 11 Manually querying the software for common exception flaws described in the literature Jeroen
April 19 10.15 Meeting to discuss the code analysing tools All
April 19 Updating planning, adding Error Handling and Logging Verification Requirements Jeroen
April 19 Installing Yasca and the plugins. Codescanning with Yasca Hugo
April 19 10.45 Finally got SWAAT to run in a Windows XP VM, with an old version of .NET Robbert
April 19 11.30 Setting up a git repo to store results Robbert
April 19 12.30 Manually browsing through the code, manually 'testing' the forum [and lunch] Robbert
April 19 13:30 Setting up PHP-SAT Robbert
April 19 14:20 Running PHP-SAT on certain files Robbert
April 19 14:30-16:15 Interpreting the results Robbert
April 19 Install and run Pixy Niels
April 21 Updating report Jeroen
April 21 11:00 Progress meeting All
April 21 11:35 Analyzing output tools & Updating the wiki Robbert
April 21 More attempts at running Pixy Niels
April 22 Pixy report Niels
May 10 Update planning Jeroen
May 12 Updating some comments of Erik Poll Jeroen
May 24 Update planning Jeroen
May 24 Grepping through the source code for v8.9 Hugo
June 1 Created & updated section v8.1 with previous results Robbert
June 6 Update planning and v8.2 Jeroen
June 8 Update planning and v8.3 Jeroen
June 8 Analysed and reported on requirement v8.6 Robbert
June 8 Updated verdict Robbert
June 15 Finalizing Yasca review and restructuring wiki pages Hugo
June 17 Minor modifications to verdict page and requirement V8.6 Robbert
June 17 Added 'top10' page linking our research to previous OWASP Top 10. Modified deliverable page Robbert
June 17 Major restructuring of the code scanning results pages Robbert
June 17 Updated Pixy, answers to comments Niels
June Manual Codescan Niels
June 17 Thorough review of function message_die Niels
June 17 Presentation All
June 24 Presentation All


To do

Workpackage nr Task Assigned to Status
1 Study literature, OWASP AVL All Finished
2 Pixy install, run, update, give opinion Niels Finished
3 PHP-SAT install, run, update, give opinion Robbert Finished
4 SWAAT install, run, update, give opinion Robbert Finished
5 RATS install, run, update, give opinion Jeroen Finished
6 Yasca install, run, update, give opinion Hugo Finished
7 Codescan install, run, update, give opinion nobody Skipped
8 Codesecure install, run, update, give opinion nobody Skipped
9 Fortify install, run, update, give opinion Bert Finished
10 Manual check results, Read and analyse code manually All Finished
11 Processing results in single report relevant to the OWASP v8 part All Finished
12 Fixing Erik's recommendations All Finished
13 Adding more arguments to claims and assumptions (also part of 12) All Finished
14 Requirement v8.1, v8.6 Robbert Finished
15 Requirement v8.4, v8.5, filesplit Bert Finished
16 Requirement v8.10, v8.7 Niels Finished
17 Requirement v8.11, v8.9 Hugo Finished
18 Requirement v8.2, v8.3 Jeroen Finished
19 Requirement v8.8 Bert Finished
20 Requirement v8.12 Hugo Finished
21 Extending Reflection All Finished