SoftwareSecurity2014/Group 10/Log

Revision by Erik Poll (talk | contribs) on 5 Jun 2014 at 16:52 (Log)

Log

March 21: Start of the project. Group initially consists of Saurabh and Tom. First week devoted to installing Fortify and picking a case study.

March 28: Selection of PHP library Piwigo as the case study. Ben joins the group. Executed Fortify and RATS on source code. Inspection of reports.

April 5: Discussed error reports. Verification requirements selected. Identified several subtopics within requirements. Picked first subtopics to focus on (namely password hashing and SQL injection).

April 11: Ben analysed a large number of SQL query vulnerabilities reported by Fortify and wrote a report about their approaches to forming SQL and the underlying issues, along with a list of specific examples of exploitable vulnerabilities. Tom examined and described the password hashing library used by Piwigo and identified problems with it, then proposed a simple fix. Niels joins the group.

April 18: ...... (Erik:meaning...?)

April 25: Discussed progress and findings. Writing the first two wiki pages (reflecting on the analysis tools and discussing the reports) assigned to Niels and Saurabh. The next subtopics have been picked and assigned: XSS (Ben), session management (Tom), file uploading (Saurabh), file inclusion (Niels).

May 23: No discussion due to external events.

May 30: No discussion due to Ascension Day.

June 2: Discussed progress and findings. Final task distribution made.


........................