SoftwareSecurity2014/Group 2/Log

From Werkplaats
Revision by Koen van Ingen on 12 Jun 2014 at 18:21 (added 10-06)

Group 2: log

2014-03-28 - first meeting

  • Discussed various open-source web applications
  • Chose ownCloud and downloaded the core
  • Initial run of Fortify on the source code to see if it would find anything
  • A quick look at RIPS and RATS

2014-04-01 - second meeting

  • Choose a set of requirements: V6: Output Encoding/Escaping (HTML)
  • Choose the part of the ownCloud code to match the requirements: https://github.com/owncloud/core
  • Evaluate Fortify results of (preliminary) scan
  • Find and install other code scanners: RIPS, RATS
  • Run RIPS and RATS on the ownCloud core
  • Evaluate the results of RATS

2014-04-10 - third meeting

  • Make a to-do list
  • Judith & Joost will look a bit more into RIPS
  • Koen & Markus are processing the output of the code scan with RATS
  • Assessment of the found errors w.r.t. V6
  • We took another look at the OWASP PDF
  • Reflection questions

2014-04-30 - revisiting XSS

  • Markus tried to provoke an XSS warning in a minimal example
  • Scan ownCloud again, update findings

2014-05-13 - started with part 2

  • Make a to-do list w.r.t. project part 2
  • Start working on various requirements from V6 (specifically, V6.4, V6.5, V6.6, V6.7)

2014-05-27

  • Finished working on requirements from last time
  • Brainstorm which languages we are going to test for 6.8
  • Divide requirements 6.1, 6.2, 6.3
  • Plan the last phase of the project (deadline: 6th of June)

2014-06-03

  • Finished security requirements
  • Completed reflection
  • We're almost done. :)

2014-06-10

  • Preparing slides/presentation