SoftwareSecurity2014/Group 7/Log

Uit Werkplaats
< SoftwareSecurity2014‎ | Group 7
Versie door Alvin Cai (overleg | bijdragen) op 5 jun 2014 om 12:44
(wijz) ← Oudere versie | Huidige versie (wijz) | Nieuwere versie → (wijz)
Ga naar: navigatie, zoeken

April 25 - We ran Fortify on with the following commands and analysed the results file with auditworkbench.

sourceanalyzer -b typo3 -clean
sourceanalyzer -b typo3 /var/www/typo3_src-4.5.17/**/*.php
sourceanalyzer -b typo3 -scan -f /data/Documents/TUe/ss/proj/typo3.fpr

We distributed the warnings by class type (e.g. Command injection, path manipulation) for deeper analysis.

May 1 Finished analysis of Fortify warnings.

May 2 Met to discuss the Fortify results and conclusion. Tried out other code analysers such as RIPS, phplint etc. As RIPS seems the most promising, we distributed the different warnings from RIPS amongst the team for deeper analysis. Also discussed our reflections on code scanners

May 3 Finished analysis of RIPS warnings.

May 4 Copy Google documents to wiki pages. Finished Reflections on code scanners.

May 25 Distributed the level 2B requirements amongst the group.

May 31 Discuss initial results and the best strategy for conducting the 2B review.

Jun 5 Met to discuss the final reflections.