SoftwareSecurity2012/Group 7

Group nr. 7

Group members:

• Nurul Akbar
• Gaurav Misra
• Saud Khan
• Terence Slot
• Marco Corradin

all from university UT

Topic: Verification Requirements V4: Access Control

One word of advice: Use Notepad++ for code review. This program contains an feature to look for search keywords in multiple files at once and it adapts to PHP syntax.

Deliverables

• Log of what we have been doing so far

The log should be a chronological list of who has been doing what, with dates.

Also useful to document decisions on who will be doing what, and by when.

• Code Scanning Results

This should discuss the results of the code scanning. Insofar as possible, put the focus on these from the point of view of the Verfication Requirements your group is looking at, but also point out, but then briefly, findings that might be interesting for other groups.

• Reflection on these code scanners

Describe your impressions about the tools, in capabilities, limitations, etc.

Also, did you learn anything about specific security vulnerabilities from using them?

• Verdict on the security requirements

This should give your verdict for each requirement (Pass/Fail/Don't know) with motivation, and an indication of what you did to reach this verdict.

• Documentation about phpbb we would have wanted

Describe the sort of documentation you would have wanted about phpbb, to make your security review easier.

This can be design decisions, description of the overall architecture and organisation, policies used in the application, styles or guidelines adhered to in the actual coding.

• Reflection on the whole process

Reflect on the whole process of doing a code review, or "Application Security Verification", in the way you did.

Create more sub-pages if you want, of course