SoftwareSecurity2014/Group 6/Log

  • 2014-03-30
    • First group meeting. Decided to use MoinMoin Wiki 2.0. Probably with focus on Access Control/Data Protection (not sure, yet)
  • 2014-04-03
    • trying to install Fortify
    • It works on the JavaScript part, but not on the Python code
      • [error]: Your license does not allow access to Fortify SCA for Python
    • testing RATS on the Moin2 Python code
  • 2014-04-19
    • Because of a lack of available open source tools for vulnerability scanning of Python source code, we decided to switch to Roundcube, an open source webmail application mainly written in PHP and JavaScript, with <200k lines of code.
    • Ran RATS on the Roundcube code.
  • 2014-04-22
    • Working on Roundcube Version 1.0.0
    • basic analysis of RATS output
    • reflection on basic RATS usage
    • running Fortify on the PHP code of Roundcube
    • some basic reflection on Fortify
  • 2014-04-24
    • Analysis of the RATS output
    • Comparison with the output from Fortify
  • 2014-04-29
    • Report on different priority output issues from Fortify (medium priority)
  • 2014-04-30
    • Re-scanned with Fortify, trying different options (took 33 minutes this time)
    • manual check of Fortify warnings
  • 2014-05-01
    • Scanned with RIPS
  • 2014-05-02, 2014-05-03, 2014-05-04
    • RIPS scan output analysis
  • 2014-05-13
    • beginning with the level 2B analysis
    • familiarizing with the code and the OWASP ASVS regarding 2B
    • Division of work for the Verification requirements
  • 2014-05-20
    • reading code with focus on requirements V4.12 - V4.14
  • 2014-05-13 – 2014-06-05
    • individual work on the requirements
  • 2014-06-05
    • final meeting
    • discussion and correction of the results
    • reflection about the whole project
  • 2014-06-11
    • working on the presentation
  • 2014-06-12
    • finishing the presentation