SoftwareSecurity2014/Group 1/Log
Revision by Erik Schneider on 5 Jun 2014 at 14:43
- 26-Apr: All deadlines for other classes cleared. Started the project. First meeting set for 28-Apr.
- 28-Apr: Second meeting set for 29-Apr.
- 29-Apr: Second meeting
  - Selected FluxBB v1.5.6 and V3, 10, 11.
  - Ran RATS v2.4 like this: "rats -w 3 -l php *.php --html". Got 1 high, 1 medium and 6 low severity hits.
  - Ran Fortify and saved results for later. Got 145 critical and 6 high issues.
  - Extracted relevant verification requirements (Level 1B and 2B, V3, 10, 11) from OWASP ASVS 2009 document
  - Next meeting probably Thursday
  - Established todos:
    - Compare the two tools' results
    - Run Fortify again with custom settings
    - Analyze critical results that are related to our project
- 30-Apr: Separate work
  - Reran RATS with options: "rats -w 3 .". Analyzing subfolders, found 7 new issues
  - Reran RATS without php options. Few results, none new
  - Requested trial version of Checkmarx
  - Ran PHPLint on selected files and evaluated results
- 1-May: Meeting
  - Tried Fortify multiple times with different settings, examining different results.
  - Interpreted new results from Fortify.
  - Ran Doxygen on the source tree.
  - Checked all errors found by Fortify against Level 1B requirements
  - Entered results and reflected on the use of Fortify, RATS, PHPLint, Doxygen
- 2-May: Separate work
  - Wordsmithing
- 4-May: Separate work
  - Wordsmithing
- 27-May: Discussion of Erik Poll's feedback
- 29-May: Meeting and group work
  - Nearly completed Level 2B requirements for V3
  - Began work on Level 2B requirements for V11
- 30-May: Meeting and group work
  - Finished V3 and V11
  - Inquiring about V10
- 2-June: Meeting, scheduling
  - Alex wrote about V10
- 3-June: Individual reflection
- 4-June: Completed draft of reflections for review
- 5-June: Met to review and discuss reflections section. Comments and modifications continue on an individual basis.
- 6-June: Final edits and transfer to the wiki.