Ping's personal log

| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Code scanning (SWAAT, Yasca) | 2 hours | March 26 | Successfully tried SWAAT in Win_Server2003, Yasca in Win7 64bit, failed to load phplint plugin in Yasca. Also tried RATS (in Windows & Ubuntu) but failed. |
| Code scanning (CodeScan) | 2 hours | April 02 | Successfully tried CodeScan in Win7 64bit. |
| Code scanning (Fortify) | 3 hours | April 11 | Tried and obtained result from Fortify in Win7 64bit, with several low memory warnings. |
| Code scanning (Fortify) | 2 hours | April 16 | Tried Fortify a second time in Win7 64bit. |
| Report | 1 hour | April 21 | Write report draft for the first task. |
| Install phpBB2 | 1 hour | May 07 | Failed to install phpBB 2.0.0; it seems to be compatible only with old versions of MySQL and PHP (MySQL 4 and PHP 4?). |
| Summarize Report | 30 minutes | May 08 | Summarize reports from Zhuo. |
| Manual Review 1 | 3 hours | May 18 | Install phpBB2, read ASVS requirements. |
| Manual Review 2 | 2 hours | May 26 | Finish review for V2.1 and V2.9. |

Roberto's personal log

| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Fortify license | 5 minutes | March 25 | Asked for Fortify license from Fabian. |
| Pixy mirror | 1 hour | April 07 | Find Pixy mirrors and contact Pixy's author. |
| Code scanning (RATS, CodeScan, SWAAT) | 3 hours | April 07 | Successfully tried RATS and CodeScan. Also tried SWAAT but failed. |
| Code scanning (Fortify) | 3 hours | April 12 | Figured out the solution to the Fortify memory problem after reading the documentation, then successfully ran Fortify and obtained a result. |
| CodeSecure License | 10 minutes | April 13 | Tried to obtain a license from Armorize for CodeSecure. They promised to contact us soon with the trial account. |
| Code scanning (PHP-SAT) | 3 hours | April 16 | Tried to get PHP-SAT working. Finally succeeded by using the Nix package manager. |
| CodeSecure License | 10 minutes | April 18 | Contacted Armorize about the license using email, the contact form on the website and Facebook, in the hope that someone will finally reply. |
| Code scanning (CodeSecure) | 5 hours | April 19 | Finally received a reply (and license) from Armorize. Successfully installed and ran CodeSecure after several tries. |
| Report | 30 minutes | April 22 | Finalize report for first milestone. |
| Wiki | 3 hours | March 18 -- April 30 | Various wiki edits/clean up. |
| phpBB2 install | 1.5 hours | May 3 | Set up phpBB2 in Apache2 + PHP5. First attempt failed due to incompatibility with PHP5. Turning on compatibility features solved this problem. |
| inclued install | 1 hour | May 3 | Install inclued and related software to create include graphs of phpBB2. |
| ASVS | 2 hours | May 10 | Reread the ASVS document, some parts of the code review guide and some other related articles/documents. |
| Read phpBB2 source code (partial) | 4 hours | May 10 | Read some of the code and start eliminating irrelevant ones while trying to understand the global design of phpBB2. |
| Examine page links | 3 hours | May 10 | Take a closer look at how pages are linked to each other and create a link graph. |
| Finishing | 5 hours | Jun 23--24 | Create slides for presentation, various wiki edits. |

Yuanhao's personal log

| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Initial tries on Code scanning tools | 2 hours | April 17 | RATS and Fortify. |
| Second try on Code scanning tools | 1.5 hours | April 24 | Yasca. |
| Wiki PM section | 3 hours | April 30 | Create the project management section, set up structures for PM and send out emails. Initialize team meetings. |
| Updates wiki | 1 h | May 01 | Update the wiki and set up meeting time. |
| Setup PHP environment | 5 h | May 07 | Encountered an unsolved problem in Apache under Vista after one re-installation; tried many things to fix it but failed. |
| Setup PHP environment | 2 h | May 08 | Set up the environment in Ubuntu instead. |
| Manual checking - Phase 1 | 1.5 h | May 14 | Look into the v2.2, v2.4 requirements and start the work on this phase. |
| Manual checking - P2 | 2.5 h | May 22 | Check v2.2 and some other minor |
| Manual checking - P3 | 3 h | May 29 | Check v2.4 |
| Manual checking - P3 | .5 h | May 30 | Finalisation |

Ville's personal log

| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Code Scanning (RATS) | 2 hours | April 29 | Tested under Ubuntu 10.10 i386 32bit. It had a compile-time dependency on libexpat1-dev, and after that the installation succeeded. I also made a .deb package so that other people can install it rather easily (only i386 32bit, sorry). It is available via: DropBox. Notice! You will also need a vulnerability database, which is located in the rats-2.3.tar.gz package. The name of the database is rats-php.xml. |
| Fortify | - hours | April 30 | Tested Fortify. Better info coming soon. |
| Wiki entries | 30 mins | May 8 | Updated wiki entries here and there. |
| Try to install phpBB2 and the environment | 3 h | May 9 | Installed OpenBSD under a virtual machine to provide a test environment for phpBB2. OBSD uses a heavily modified Apache, and therefore the shipped 1.3.x version is very different from the original Apache. phpBB2 installation failed due to too new software. |
| RATS script | 10 min | May 9 | Provide a script which automates checking. Available via DropBox. |
| Install phpBB2 and the environment | 2 h | May 19 | Installed an older OpenBSD which had MySQL 4 and PHP 4. |
| Misc tasks | 2 h | May 9 - 20 | Miscellaneous tasks regarding the phpBB2 environment, scripting, wiki pages and analyzing. |
| Manual code checks | 3 h | May 20 - 21 | Complete the manual code checking part. |