Software Security/Group 9/Personal Logs

Revision by Roberto Lie (talk | contributions) as of 24 Jun 2011, 16:47
Warning: Please avoid writing time and updating logs only a short time before the deadline for the whole project. This will make your contribution much less credible!


Personal Logs

Ping Chen

Ping's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Code scanning (SWAAT, Yasca) | 2 hours | March 26 | Successfully tried SWAAT in Win_Server2003, Yasca in Win7 64bit, failed to load phplint plugin in YASCA. Also tried RATS (in Windows & Ubuntu) but failed. |
| Code scanning (CodeScan) | 2 hours | April 02 | Successfully tried CodeScan in Win7 64bit. |
| Code scanning (Fortify) | 3 hours | April 11 | Tried and obtained result from Fortify in Win7 64bit, with several low memory warnings. |
| Code scanning (Fortify) | 2 hours | April 16 | Tried Fortify second time in Win7 64bit. |
| Report | 1 hour | April 21 | Write report draft for the first task. |
| Install phpBB2 | 1 hour | May 07 | Failed to install phpBB 2.0.0, seems it is only compatible with old version MySQL and PHP (MySQL 4 and PHP 4?) |
| Summarize Report | 30 minutes | May 08 | Summarize reports from Zhuo. |
| Manual Review 1 | 3 hours | May 18 | Install phpBB2, read ASVS requirements |
| Manual Review 2 | 2 hours | May 26 | Finish review for V2.1 and V2.9 |

Zhuo Chen

Zhuo's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Topic selection | 5 minutes | March 21 | Notify the professor about the group topic. |
| Code scanning (Yasca) | 1 hour | April 13 | Tried the tool without plugins. |
| Code scanning (Fortify) | 2 hours | April 15 | Tried Fortify, encountered some problem while running. |
| Code scanning (Fortify) | 2 hours | April 19 | Successfully solved the problem according to the message written on the wiki. |
| Code scanning (rats) | 1 hour | April 19 | Tried rats, but failed. |
| Read report (Codescan) | 30 minutes | April 19 | Read the tool scanning result provided by Roberto. |
| Install phpbb2 | 1 hour | 9 May | Failed to install it in Apache 2 + PHP5. |

Zong Guo

Zong's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| no tools can be used on MacOS 10.6.6 | | May 3rd | read logs from others |
| setup phpBB on MacOS 10.6.6 | 4 hours | May 6th | php 4, apache 2, mysql 4.1, phpmyadmin 2.5 |
| manual code scan | 8 hours | May 10th | check /admin |
| manual code scan | 7 hours | May 16th | check /admin |
| manual code scan | 4 hours | May 23rd | check /includes |
| post previous log | 1 hour | May 23rd | |
| manual code scan | 5 hours | May 23rd | check /includes |
| manual code scan, post log, searching admin authentication vulnerabilities | 7 hours | May 24th | check / and search on Internet |
| post log | 30 mins | May 25th | |

Roberto Lie

Roberto's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Fortify license | 5 minutes | March 25 | Asked for Fortify license from Fabian. |
| Pixy mirror | 1 hour | April 07 | Find Pixy mirrors and contact Pixy's author. |
| Code scanning (RATS, CodeScan, SWAAT) | 3 hours | April 07 | Successfully tried RATS and CodeScan. Also tried SWAAT but failed. |
| Code scanning (Fortify) | 3 hours | April 12 | Figured out the solution of the Fortify memory problem after reading the documentation, and successfully ran Fortify and obtained the result. |
| CodeSecure License | 10 minutes | April 13 | Tried to obtain a license from Armorize for CodeSecure. They promised to contact soon with the trial account. |
| Code scanning (PHP-SAT) | 3 hours | April 16 | Tried to get PHP-SAT working. Finally succeeded by using Nix package manager. |
| CodeSecure License | 10 minutes | April 18 | Contacted Armorize about the license using email, contact form on the website and Facebook, in hope that someone will finally reply. |
| Code scanning (CodeSecure) | 5 hours | April 19 | Finally received reply (and license) from Armorize. Successfully installed and ran CodeSecure after several tries. |
| Report | 30 minutes | April 22 | Finalize report for first milestone. |
| Wiki | 3 hours | March 18 -- April 30 | Various wiki edits/clean up. |
| phpBB2 install | 1.5 hours | May 3 | Setup phpBB2 in Apache2 + PHP5. First attempt failed due to incompatibility with PHP5. Turning compatibility features solved this problem. |
| inclued install | 1 hour | May 3 | Install inclued and related software to create include graphs of phpBB2. |
| ASVS | 2 hours | May 10 | Reread the ASVS document, some parts of the code review guide and some other related articles/documents. |
| Read phpBB2 source code (partial) | 4 hours | May 10 | Read some of the code and start eliminating irrelevant ones while trying to understand the global design of phpBB2. |
| Examine page links | 3 hours | May 10 | Take a closer look at how pages are linked to each other and create a link graph. |
| Finishing | 5 hours | Jun 23--24 | Create slides for presentation, various wiki edits |

Yuanhao Sun

Yuanhao's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Initial tries on Code scanning tools | 2 hours | April 17 | RATS and Fortify. |
| Second try on Code scanning tools | 1.5 hours | April 24 | Yasca. |
| Wiki PM section | 3 hours | April 30 | Create the project management section, set up structures for PM and send out emails. Initialize team meetings. |
| Updates wiki | 1 h | May 01 | Update the wiki and set up meeting time. |
| Setup PHP environment | 5 h | May 07 | Encountered an unsolved problem in Apache under Vista after one re-installation, tried many things to fix but failed. |
| Setup PHP environment | 2 h | May 08 | Set up the environment in Ubuntu instead. |
| Manual checking - Phase 1 | 1.5 h | May 14 | Look into the v2.2 v2.4 requirements and start the work on this phase. |
| Manual checking - P2 | 2.5 h | May 22 | Check v2.2 and some other minor |
| Manual checking - P3 | 3h | May 29 | Check v2.4 |
| Manual checking - P3 | .5 h | May-30 | Finalisation |

Ville Valkonen

Ville's personal log
| Event Name | Time Spent | Date | Description |
|---|---|---|---|
| Code Scanning (RATS) | 2 hours | April 29 | Tested under Ubuntu 10.10 i386 32bit. It had a compile-time dependency on libexpat1-dev and after that the installation succeeded. I also made a .deb package so that the other people can install it rather easily (only i386 32bit, sorry). It is available via: DropBox. Notice! You will also need a vulnerability database which is located in the rats-2.3.tar.gz package. Name of the database is rats-php.xml. |
| Fortify | - hours | April 30 | Tested Fortify. Better info coming soon. |
| Wiki entries | 30 mins | May 8 | Updated wiki entries here and there. |
| Try to install phpBB2 and the environment | 3 h | May 9 | Installed OpenBSD under virtual machine to provide test environment for PHPBB2. OBSD uses a heavily modified Apache and therefore the shipped 1.3.x version is very different from the original Apache. phpBB2 installation failed due to too new software. |
| RATS script | 10 min | May 9 | Provide a script which automates checking. Available via DropBox |
| Install phpBB2 and the environment | 2 h | May 19 | Installed older OpenBSD which had MySQL 4 and PHP 4. |
| Misc tasks | 2 h | May 9 - 20 | Miscellaneous tasks regarding the phpBB2 environment, scripting, wikipages and analyzing. |
| Manual code checks | 3 h | May 20 - 21 | Complete the manual code checking part. |