https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Min+Chen OWASP - User contributions [en] 2026-04-26T15:07:33Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project&diff=45636 Project Information:template Access Control Rules Tester Project 2008-11-03T16:55:29Z <p>Min Chen: </p> <hr /> <div>{| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;7&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Project Name'''<br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;'''OWASP Access Control Rules Tester Project''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Short Project Description''' <br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Email Contacts'''<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Leader&lt;br&gt;[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Contributors&lt;br&gt;(if applicable)&lt;br&gt;[mailto:to(at)change '''Name&amp;Email''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']&lt;br&gt;<br /> [mailto:owasp-access-control-rules-tester-project@lists.owasp.org '''Mailing List/Use''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|First Reviewer&lt;br&gt;[mailto:caughron(at)gmail.com '''Mat Caughron''']&lt;br&gt;[http://www.linkedin.com/pub/1/A84/998 Profile]<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Second Reviewer&lt;br&gt;[mailto:mg_chen(at)yahoo.com '''Min Chen''']&lt;br&gt;[http://www.linkedin.com/in/mgchen Profile]<br /> | style=&quot;width:15%; background:#cccccc&quot; align=&quot;center&quot;|OWASP Board Member&lt;br&gt;(if applicable)&lt;br&gt;[mailto:name(at)name '''Name&amp;Email''']<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT MAIN LINKS''' <br /> |-<br /> | style=&quot;width:100%; background:#cccccc&quot; align=&quot;center&quot;|<br /> * What are business logic vulnerabilities? An attempt to define their scope: http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf<br /> * AcCoRuTe approach described http://accorute.googlecode.com/files/AcCoRuTe.pdf<br /> * Google Code Project page: http://code.google.com/p/accorute/<br /> * AcCoRuTe version 1.0.0 binaries: http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip<br /> * AcCoRuTe User Guide http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''SPONSORS &amp; GUIDELINES''' <br /> |-<br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']] <br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;5&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|ASSESSMENT AND REVIEW PROCESS<br /> |-<br /> | style=&quot;width:15%; background:#6C82B5&quot; align=&quot;center&quot;|'''Review/Reviewer''' <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Author's Self Evaluation'''&lt;br&gt;(applicable for Alpha Quality &amp; further) <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''First Reviewer'''&lt;br&gt;(applicable for Alpha Quality &amp; further)<br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Second Reviewer'''&lt;br&gt;(applicable for Beta Quality &amp; further)<br /> | style=&quot;width:22%; background:#b3b3b3&quot; align=&quot;center&quot;|'''OWASP Board Member'''&lt;br&gt;(applicable just for Release Quality) <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''50% Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&amp;Edit: 50% Review/1st Reviewer (C)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Final Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&amp;Edit: Final Review/SelfEvaluation (B)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&amp;Edit: Final Review/1st Reviewer (D)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&amp;Edit: Final Review/2nd Reviewer (F)]]<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X<br /> |-<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project_-_Final_Review_-_Second_Reviewer_-_F&diff=45634 Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F 2008-11-03T16:54:13Z <p>Min Chen: </p> <hr /> <div>[[Project Information:template Access Control Rules Tester Project|Clik here to return to the previous page]].<br /> <br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;3&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''FINAL REVIEW''' <br /> |- <br /> | style=&quot;width:25%; background:white&quot; align=&quot;center&quot;|'''PART I''' <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:white&quot; align=&quot;left&quot;|<br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> Project Deliveries &amp; Objectives <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|<br /> [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|OWASP Access Control Rules Tester Project's Deliveries &amp; Objectives]]<br /> |-<br /> | style=&quot;width:25%; background:#4058A0&quot; align=&quot;center&quot;|&lt;font color=&quot;white&quot;&gt;'''QUESTIONS''' <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#4058A0&quot; align=&quot;left&quot;|&lt;font color=&quot;white&quot;&gt;'''ANSWERS''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 1. At what extent have the project deliveries &amp; objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|The project objectives are met. In terms of deliveries, the document and the tool are implemented, however, the tool doesn't have the Site Spider functionality, indeed it depends on third-party spider packages.<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 2. At what extent have the project deliveries &amp; objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|1. Research technical report: 100% done&lt;br&gt;2. Access Control Rules Tester (AcCoRuTe) tool: 100% done. Although the Site Spider is a third-party tool instead of a built-in package, it doesn't affect the functionalities of the testing tool. <br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|<br /> 3. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|1. Improving the abilities to detect access control violation in Applets and Web Services&lt;br&gt;2. Compatible with XACML&lt;br&gt;3. Better handling in role delegation, right now it's hard to test delegation&lt;br&gt;4. Providing an approach to integrate the tool into the early stage in software development life cycle<br /> |- <br /> | style=&quot;width:25%; background:white&quot; align=&quot;center&quot;|'''PART II''' <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:white&quot; align=&quot;left&quot;|<br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> Assessment Criteria<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|<br /> [[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]<br /> |-<br /> | style=&quot;width:25%; background:#4058A0&quot; align=&quot;center&quot;|&lt;font color=&quot;white&quot;&gt;'''QUESTIONS''' <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#4058A0&quot; align=&quot;left&quot;|&lt;font color=&quot;white&quot;&gt;'''ANSWERS''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|None<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|The &quot;About box&quot; has been implemented, however, since this is a command line based tool, the messages in the &quot;About box&quot; has been added to the README file<br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;| N/A<br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|<br /> 4. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|The tool may provide a &quot;-help&quot; command line option to display name of tool, author, e-mail address of author, current version number and/or release date<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project&diff=45633 Project Information:template Access Control Rules Tester Project 2008-11-03T16:34:35Z <p>Min Chen: </p> <hr /> <div>{| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;7&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Project Name'''<br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;'''OWASP Access Control Rules Tester Project''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Short Project Description''' <br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Email Contacts'''<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Leader&lt;br&gt;[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Contributors&lt;br&gt;(if applicable)&lt;br&gt;[mailto:to(at)change '''Name&amp;Email''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']&lt;br&gt;<br /> [mailto:owasp-access-control-rules-tester-project@lists.owasp.org '''Mailing List/Use''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|First Reviewer&lt;br&gt;[mailto:caughron(at)gmail.com '''Mat Caughron''']&lt;br&gt;[http://www.linkedin.com/pub/1/A84/998 Profile]<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Second Reviewer&lt;br&gt;[mailto:mg_chen(at)yahoo.com '''Min Chen''']&lt;br&gt;[http://www.linkedin.com/in/mgchen Profile]<br /> | style=&quot;width:15%; background:#cccccc&quot; align=&quot;center&quot;|OWASP Board Member&lt;br&gt;(if applicable)&lt;br&gt;[mailto:name(at)name '''Name&amp;Email''']<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT MAIN LINKS''' <br /> |-<br /> | style=&quot;width:100%; background:#cccccc&quot; align=&quot;center&quot;|<br /> * What are business logic vulnerabilities? An attempt to define their scope: http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf<br /> * AcCoRuTe approach described http://accorute.googlecode.com/files/AcCoRuTe.pdf<br /> * Google Code Project page: http://code.google.com/p/accorute/<br /> * AcCoRuTe version 1.0.0 binaries: http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip<br /> * AcCoRuTe User Guide http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''SPONSORS &amp; GUIDELINES''' <br /> |-<br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']] <br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;5&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|ASSESSMENT AND REVIEW PROCESS<br /> |-<br /> | style=&quot;width:15%; background:#6C82B5&quot; align=&quot;center&quot;|'''Review/Reviewer''' <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Author's Self Evaluation'''&lt;br&gt;(applicable for Alpha Quality &amp; further) <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''First Reviewer'''&lt;br&gt;(applicable for Alpha Quality &amp; further)<br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Second Reviewer'''&lt;br&gt;(applicable for Beta Quality &amp; further)<br /> | style=&quot;width:22%; background:#b3b3b3&quot; align=&quot;center&quot;|'''OWASP Board Member'''&lt;br&gt;(applicable just for Release Quality) <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''50% Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&amp;Edit: 50% Review/1st Reviewer (C)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Final Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&amp;Edit: Final Review/SelfEvaluation (B)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&amp;Edit: Final Review/1st Reviewer (D)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;100% Done&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&amp;Edit: Final Review/2nd Reviewer (F)]]<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X<br /> |-<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project&diff=45632 Project Information:template Access Control Rules Tester Project 2008-11-03T16:30:48Z <p>Min Chen: </p> <hr /> <div>{| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;7&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Project Name'''<br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;'''OWASP Access Control Rules Tester Project''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Short Project Description''' <br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Email Contacts'''<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Leader&lt;br&gt;[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Contributors&lt;br&gt;(if applicable)&lt;br&gt;[mailto:to(at)change '''Name&amp;Email''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']&lt;br&gt;<br /> [mailto:owasp-access-control-rules-tester-project@lists.owasp.org '''Mailing List/Use''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|First Reviewer&lt;br&gt;[mailto:caughron(at)gmail.com '''Mat Caughron''']&lt;br&gt;[http://www.linkedin.com/pub/1/A84/998 Profile]<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Second Reviewer&lt;br&gt;[mailto:mg_chen(at)yahoo.com '''Min Chen''']&lt;br&gt;[http://www.linkedin.com/in/mgchen Profile]<br /> | style=&quot;width:15%; background:#cccccc&quot; align=&quot;center&quot;|OWASP Board Member&lt;br&gt;(if applicable)&lt;br&gt;[mailto:name(at)name '''Name&amp;Email''']<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT MAIN LINKS''' <br /> |-<br /> | style=&quot;width:100%; background:#cccccc&quot; align=&quot;center&quot;|<br /> * What are business logic vulnerabilities? An attempt to define their scope: http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf<br /> * AcCoRuTe approach described http://accorute.googlecode.com/files/AcCoRuTe.pdf<br /> * Google Code Project page: http://code.google.com/p/accorute/<br /> * AcCoRuTe version 1.0.0 binaries: http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip<br /> * AcCoRuTe User Guide http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''SPONSORS &amp; GUIDELINES''' <br /> |-<br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']] <br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;5&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|ASSESSMENT AND REVIEW PROCESS<br /> |-<br /> | style=&quot;width:15%; background:#6C82B5&quot; align=&quot;center&quot;|'''Review/Reviewer''' <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Author's Self Evaluation'''&lt;br&gt;(applicable for Alpha Quality &amp; further) <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''First Reviewer'''&lt;br&gt;(applicable for Alpha Quality &amp; further)<br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Second Reviewer'''&lt;br&gt;(applicable for Beta Quality &amp; further)<br /> | style=&quot;width:22%; background:#b3b3b3&quot; align=&quot;center&quot;|'''OWASP Board Member'''&lt;br&gt;(applicable just for Release Quality) <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''50% Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&amp;Edit: 50% Review/1st Reviewer (C)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Final Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&amp;Edit: Final Review/SelfEvaluation (B)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&amp;Edit: Final Review/1st Reviewer (D)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&amp;Edit: Final Review/2nd Reviewer (F)]]<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X<br /> |-<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project&diff=42763 Project Information:template Access Control Rules Tester Project 2008-10-09T17:21:47Z <p>Min Chen: </p> <hr /> <div>{| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;7&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Project Name'''<br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;'''OWASP Access Control Rules Tester Project''' <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Short Project Description''' <br /> | colspan=&quot;6&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|The author believes that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). My proposal is to create a systematic approach that addresses business logic vulnerabilities. <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Email Contacts'''<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Leader&lt;br&gt;[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Project Contributors&lt;br&gt;(if applicable)&lt;br&gt;[mailto:to(at)change '''Name&amp;Email''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']&lt;br&gt;<br /> [mailto:owasp-access-control-rules-tester-project@lists.owasp.org '''Mailing List/Use''']<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|First Reviewer&lt;br&gt;[mailto:caughron(at)gmail.com '''Mat Caughron''']&lt;br&gt;[http://www.linkedin.com/pub/1/A84/998 Profile]<br /> | style=&quot;width:14%; background:#cccccc&quot; align=&quot;center&quot;|Second Reviewer&lt;br&gt;[mailto:mg_chen(at)yahoo.com '''Min Chen''']&lt;br&gt;[http://www.linkedin.com/in/mgchen Profile]<br /> | style=&quot;width:15%; background:#cccccc&quot; align=&quot;center&quot;|OWASP Board Member&lt;br&gt;(if applicable)&lt;br&gt;[mailto:name(at)name '''Name&amp;Email''']<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''PROJECT MAIN LINKS''' <br /> |-<br /> | style=&quot;width:100%; background:#cccccc&quot; align=&quot;center&quot;|<br /> * [[:Image:Andrew Petukhov- Business Logic Vulnerabilities.doc|Business Logic Vulnerabilities]]<br /> * AcCoRuTe approach described http://accorute.googlecode.com/files/AcCoRuTe.pdf<br /> * Google Code Project page: http://code.google.com/p/accorute/<br /> * AcCoRuTe version 1.0.0 binaries: http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip<br /> * AcCoRuTe User Guide http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;6&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''SPONSORS &amp; GUIDELINES''' <br /> |-<br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']] <br /> | style=&quot;width:50%; background:#cccccc&quot; align=&quot;center&quot;|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''Sponsored Project/Guidelines/Roadmap''']]<br /> |}<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;5&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|ASSESSMENT AND REVIEW PROCESS<br /> |-<br /> | style=&quot;width:15%; background:#6C82B5&quot; align=&quot;center&quot;|'''Review/Reviewer''' <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Author's Self Evaluation'''&lt;br&gt;(applicable for Alpha Quality &amp; further) <br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''First Reviewer'''&lt;br&gt;(applicable for Alpha Quality &amp; further)<br /> | style=&quot;width:21%; background:#b3b3b3&quot; align=&quot;center&quot;|'''Second Reviewer'''&lt;br&gt;(applicable for Beta Quality &amp; further)<br /> | style=&quot;width:22%; background:#b3b3b3&quot; align=&quot;center&quot;|'''OWASP Board Member'''&lt;br&gt;(applicable just for Release Quality) <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''50% Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;The project undergoes 100% review straight away <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - 50 Review - First Reviewer - C|See&amp;Edit: 50% Review/1st Reviewer (C)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' (Updated)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project 50 Review Second Review E|See&amp;Edit: 50%Review/2nd Reviewer (E)]]<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X <br /> |-<br /> | style=&quot;width:15%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Final Review''' <br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes''' &lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - Beta Quality&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Self Evaluation - B|See&amp;Edit: Final Review/SelfEvaluation (B)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - First Reviewer - D|See&amp;Edit: Final Review/1st Reviewer (D)]]<br /> | style=&quot;width:21%; background:#C2C2C2&quot; align=&quot;center&quot;|Objectives &amp; Deliveries reached?&lt;br&gt;'''Yes/No''' (To update)&lt;br&gt;---------&lt;br&gt;Which status has been reached?&lt;br&gt;'''Season of Code''' - (To update)&lt;br&gt;---------&lt;br&gt;[[Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F|See&amp;Edit: Final Review/2nd Reviewer (F)]]<br /> | style=&quot;width:22%; background:#C2C2C2&quot; align=&quot;center&quot;|X<br /> |-<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=Project_Information:template_Access_Control_Rules_Tester_Project_50_Review_Second_Review_E&diff=42762 Project Information:template Access Control Rules Tester Project 50 Review Second Review E 2008-10-09T17:17:48Z <p>Min Chen: </p> <hr /> <div>[[Project Information:template Access Control Rules Tester Project|Click here to return to the previous page]].<br /> <br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;3&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''50% REVIEW PROCESS''' <br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> Project Deliveries &amp; Objectives <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;|<br /> [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|OWASP Access Control Rules Tester Project's Deliveries &amp; Objectives]]<br /> |-<br /> | style=&quot;width:25x%; background:#4058A0&quot; align=&quot;center&quot;|&lt;font color=&quot;white&quot;&gt;'''QUESTIONS''' <br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#4058A0&quot; align=&quot;left&quot;|&lt;font color=&quot;white&quot;&gt;'''ANSWERS''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> 1. At what extent have the project deliveries &amp; objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;| The project objectives are met. In terms of deliveries, the document and the tool are implemented, however, the tool doesn't have the Site Spider functionality, indeed it depends on third-party spider packages.<br /> |- <br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| <br /> <br /> 2. At what extent have the project deliveries &amp; objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022 - OWASP Access Control Rules Tester|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;| 1. Research technical report: 100% done&lt;br&gt;2. Access Control Rules Tester (AcCoRuTe) tool: 90% done. Author should correct the site spider description in [https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications_-_Need_Futher_Clarifications#P022_-_OWASP_Access_Control_Rules_Tester the project deliveries] to reflect the real design and implementation. <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|<br /> 3. Please do use the right hand side column to provide advice and make work suggestions?<br /> | colspan=&quot;2&quot; style=&quot;width:75%; background:#cccccc&quot; align=&quot;left&quot;| 1. Need to find a place to display &quot;a common About Box or help menu&quot; as required by [http://www.owasp.org/index.php/Category:OWASP_Project_Assessment OWASP Project Assessment] for Beta Quality OWASP Tools&lt;br&gt;2. Need more description (ideally XSD file) of how to customize WebApplication.xml. This would give other people information to create new tool to build the WebApplication.xml&lt;br&gt;3. Developing Use Cases (or Test Cases?) is not an easy job, it would be nice to include templates or utilities to help building Use Cases<br /> |}</div> Min Chen https://wiki.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Projects_Authors_Status_Target_and_Reviewers&diff=31778 OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers 2008-06-16T16:47:11Z <p>Min Chen: </p> <hr /> <div>== DOCUMENTATION PROJECTS ==<br /> {| class=&quot;wikitable&quot; style=&quot;text-align:center&quot;<br /> ! width=&quot;400&quot; height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | Application<br /> ! width=&quot;120&quot; align=&quot;CENTER&quot; | '''Author'''<br /> ! width=&quot;60&quot; align=&quot;CENTER&quot; | [[:Category:OWASP Project Assessment|'''Status Target''']]<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''1st Reviewer'''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''2nd Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''OWASP Board<br /> Reviewer<br /> '''<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Application Security Verification Standard|OWASP Application Security Verification Standard]]'''<br /> | align=&quot;CENTER&quot; | Mike Boberski <br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:jeff.williams(at)owasp.org Jeff Williams]<br /> | align=&quot;CENTER&quot; | [mailto:pierre.parrend(at)insa-lyon.fr Pierre Parrend]&lt;br&gt;[http://www.rzo.free.fr Curriculum]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P017 - OWASP AppSensor - Detect and Respond to Attacks from Within the Application|OWASP AppSensor - Detect and Respond to Attacks from Within the Application]]'''<br /> | align=&quot;CENTER&quot; | [mailto:michael.coates(at)aspectsecurity.com Michael Coates]<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:eric.sheridan(at)aspectsecurity.com Eric Sheridan]<br /> | align=&quot;CENTER&quot; | [mailto:thrynn404(at)gmail.com Randy Janinda]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OWASP Backend Security Project|OWASP Backend Security Project]]'''<br /> | align=&quot;CENTER&quot; | Carlo Pelliccioni<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Classic ASP Security Project|OWASP Classic ASP Security Project]]'''<br /> | align=&quot;CENTER&quot; | Juan Carlos Calderon<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:kisero(at)gmail.com Esteban Ribičić]&lt;br&gt;[http://docs.google.com/Doc?id=df9vbj96_120fzfj4kfk Curriculum]<br /> | align=&quot;CENTER&quot; | [mailto:rodrigo@rmarcos.com Rodrigo Marcos]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Code review guide, V1.1|OWASP Code review guide, V1.1]]'''<br /> | align=&quot;CENTER&quot; | Eoin Keary<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:namn(at)bluemoon.com.vn Nam Nguyen]&lt;br&gt;[[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Nguyen Curriculum|Curriculum]]<br /> | align=&quot;CENTER&quot; | [mailto:psatishkumar(at)gmail.com P.Satish Kumar]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | Jeff Williams<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P006 - OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]'''<br /> | align=&quot;CENTER&quot; | Parvathy Iyer<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | Neal Kirschner&lt;br&gt;Email address?<br /> | align=&quot;CENTER&quot; | [mailto:Omar.Sherin(at)infosec2.com Omar Sherin]&lt;br&gt;TBC <br /> | align=&quot;CENTER&quot; | <br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Education Project|OWASP Education Project]]'''<br /> | align=&quot;CENTER&quot; | Martin Knobloch<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:sebastien.gioria@owasp.fr Sebastien Gioria]<br /> | align=&quot;CENTER&quot; | [mailto:namn(at)bluemoon.com.vn Nam Nguyen]&lt;br&gt;[[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Nguyen Curriculum|Curriculum]]<br /> | align=&quot;CENTER&quot; | <br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#Internationalization Guidelines and OWASP-Spanish Project|OWASP Internationalization Guidelines and OWASP-Spanish Project]]'''<br /> | align=&quot;CENTER&quot; | Juan Carlos Calderon <br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:fabio.e.cerullo(at)aib.ie Fabio Cerullo]<br /> | align=&quot;CENTER&quot; | [mailto:kisero(at)gmail.com Esteban Ribičić]&lt;br&gt;[http://docs.google.com/Doc?id=df9vbj96_120fzfj4kfk Curriculum]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|OWASP .NET Project Leader]]'''<br /> | align=&quot;CENTER&quot; | Mark Roxberry <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:eoinkeary(at)gmail.com Eoin Keary]<br /> | align=&quot;CENTER&quot; | [mailto:dennis.hurst(at)hp.com Dennis Hurst]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | Dinis Cruz<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P025 OWASP Positive Security Project|OWASP Positive Security Project]]'''<br /> | align=&quot;CENTER&quot; | Eduardo Vianna de Camargo Neves <br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:welias(at)conviso.com.br Wagner Elias]<br /> | align=&quot;CENTER&quot; | [mailto:ken(at)krvw.com Kenneth Wyk]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#The Ruby on Rails Security Guide v2|OWASP Ruby on Rails Security Guide v2]]'''<br /> | align=&quot;CENTER&quot; | Heiko Webers <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:steve.jones(at)unf.edu Steve Jones]<br /> | align=&quot;CENTER&quot; | [mailto:jeff.cabaniss(at)gmail.com Jeff Cabaniss]<br /> | align=&quot;CENTER&quot; |<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|OWASP Securing WebGoat using ModSecurity]]'''<br /> | align=&quot;CENTER&quot; | Stephen Evans <br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:ivan.ristic(at)breach.com Ivan Ristic] &amp; Breach Group<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Source Code Review OWASP Projects|OWASP Source Code Review OWASP Projects]]'''<br /> | align=&quot;CENTER&quot; | James Walden<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:afry(at)strongcrypto.biz Alex Fry]&lt;br&gt;(TBC)<br /> | align=&quot;CENTER&quot; | [mailto:marco.m.morana(at)gmail.com Marco M. Morana]&lt;br&gt;(TBC)<br /> | align=&quot;CENTER&quot; | <br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#The OWASP Testing Guide v3|OWASP Testing Guide v3]]'''<br /> | align=&quot;CENTER&quot; | Matteo Meucci <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; |<br /> |}<br /> <br /> {| class=&quot;wikitable&quot; style=&quot;text-align:center&quot;<br /> ! width=&quot;400&quot; height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | Application<br /> ! width=&quot;120&quot; align=&quot;CENTER&quot; | '''Author'''<br /> ! width=&quot;60&quot; align=&quot;CENTER&quot; | [[:Category:OWASP Project Assessment|'''Status Target''']]<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''1st Reviewer'''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''2nd Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''3rd Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''4th Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''OWASP Board<br /> Reviewer<br /> '''<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#The Application Security Desk Reference - ASDR|OWASP Application Security Desk Reference (ASDR)]]'''<br /> | align=&quot;CENTER&quot; | Leonardo Cavallari Militelli <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:williamtsmith(at)gmail.com William Smith]<br /> | align=&quot;CENTER&quot; | [mailto:ken(at)krvw.com Kenneth Van Wyk]<br /> | align=&quot;CENTER&quot; | [mailto:kcfredman(at)gmail.com Frederick Donovan]<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Jeff Williams<br /> |}<br /> <br /> == TOOLS PROJECTS ==<br /> {| class=&quot;wikitable&quot; style=&quot;text-align:center&quot;<br /> ! width=&quot;400&quot; height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | Application<br /> ! width=&quot;120&quot; align=&quot;CENTER&quot; | '''Author'''<br /> ! width=&quot;60&quot; align=&quot;CENTER&quot; | [[:Category:OWASP Project Assessment|'''Status Target''']]<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''1st Reviewer'''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''2nd Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''OWASP Board<br /> Reviewer<br /> '''<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#GTK+ GUI for w3af project|GTK+ GUI for w3af project]]'''<br /> | align=&quot;CENTER&quot; | Facundo Batista<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:andres.riancho(at)gmail.com Andres Riancho]<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P022_-_OWASP_Access_Control_Rules_Tester|OWASP Access Control Rules Tester]]'''<br /> | align=&quot;CENTER&quot; | Andrew Petukhov<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:caughron(at)gmail.com Mat Caughron]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | [mailto:mg_chen(at)yahoo.com Min Chen]&lt;br&gt;[http://www.linkedin.com/in/mgchen Profile]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP AntiSamy .NET| OWASP AntiSamy .NET]]'''<br /> | align=&quot;CENTER&quot; | Arshan Dabirsiaghi<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:dallasspohn(at)sbcglobal.net Dallas Spohn]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P003/P013 - OWASP Application Security Tool Benchmarking Environment and Site Generator refresh.=|OWASP Application Security Tool Benchmarking Environment and Site Generator refresh]]'''<br /> | align=&quot;CENTER&quot; | Dmitry Kozlov<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:mark.roxberry(at)owasp.org Mark Roxberry]<br /> | align=&quot;CENTER&quot; | [mailto:medelibero(at)gmail.com Mike de Libero]<br /> | align=&quot;CENTER&quot; | Dinis Cruz<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Code Crawler|OWASP Code Crawler ]]'''<br /> | align=&quot;CENTER&quot; | Alessio Marziali <br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:eoinkeary@gmail.com Eoin Keary]<br /> | align=&quot;CENTER&quot; | [mailto:dinis.cruz(at)owasp.org Dinis Cruz]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OWASP Interceptor Project - 2008 Update|OWASP Interceptor Project - 2008 Update]]'''<br /> | align=&quot;CENTER&quot; | Justin Derry<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:dallasspohn(at)sbcglobal.net Dallas Spohn]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | <br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#P028 - OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)|OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)]]'''<br /> | align=&quot;CENTER&quot; | Jason Li<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:markkerzner(at)gmail.com Mark Kerzner]<br /> | align=&quot;CENTER&quot; | [mailto:fabricio.fujikawa(at)infoglobo.com.br Fabrício Fujikawa]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Live CD 2008 Project|OWASP Live CD 2008 Project]]'''<br /> | align=&quot;CENTER&quot; | Matt Tesauro<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:admin@wirefall.com Dustin Dykes]&lt;br&gt;[http://www.linkedin.com/pub/1/607/6b1 Curriculum]<br /> | align=&quot;CENTER&quot; | [mailto:jkpoots(at)rogers.com Kent Poots]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; |<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#Online code signing and integrity verification service for open source community (OpenSign Server)|OWASP Online code signing and integrity verification service for open source community (OpenSign Server)]]'''<br /> | align=&quot;CENTER&quot; | Phil Potisk and Richard Conway<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:pierre.parrend@insa-lyon.fr Pierre Parrend]&lt;br&gt;[http://www.rzo.free.fr Curriculum]<br /> | align=&quot;CENTER&quot; | [mailto:a_campani@yahoo.fr Antonio Campanile]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp]]'''<br /> | align=&quot;CENTER&quot; | Arturo 'Buanzo' Busleiman<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:mark.roxberry(at)owasp.org Mark Roxberry]<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | [mailto:dinis.cruz(at)owasp.org Dinis Cruz]<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#The Owasp Orizon Project|OWASP Orizon Project]]'''<br /> | align=&quot;CENTER&quot; | Paolo Perego<br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:eoinkeary@gmail.com Eoin Keary]<br /> | align=&quot;CENTER&quot; | [mailto:seba@deleersnyder.eu Sebastien Deleersnyder]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | [mailto:dinis.cruz@owasp.org Dinis Cruz]<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#Python Static Analysis|OWASP Python Static Analysis]]'''<br /> | align=&quot;CENTER&quot; | Georgy Klimov<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:namn@bluemoon.com.vn Nam Nguyen]&lt;br&gt;[[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Nguyen Curriculum|Curriculum]]<br /> | align=&quot;CENTER&quot; | [mailto:diepvien00thayh@gmail.com P.Q.Huy] <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Skavenger|OWASP Skavenger]]'''<br /> | align=&quot;CENTER&quot; | [mailto:mro(at)securenet.de Matthias Rohr]<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | Rogan Dawes&lt;br&gt;Email address?<br /> | align=&quot;CENTER&quot; | [mailto:ah@securenet.de Achim Hoffmann]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#SQL Injector Benchmarking Project (SQLiBENCH)|OWASP SQL Injector Benchmarking Project (SQLiBENCH)]]'''<br /> | align=&quot;CENTER&quot; | [mailto:urgunb@hotmail.com Bedirhan Urgun]&lt;br&gt;[mailto:mesut@h-labs.org Mesut Timur]<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:ferruh@mavituna.com Ferruh Mavituna] &lt;br/&gt; [[Project Information:Sqlibench:Ferruh|background info]]<br /> | align=&quot;CENTER&quot; | [mailto:kfuller@dmv.ca.gov Kevin Fuller] &lt;br/&gt; [[Project Information:Sqlibench:Kevin|background info]]<br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Teachable Static Analysis Workbench|OWASP Teachable Static Analysis Workbench]]'''<br /> | align=&quot;CENTER&quot; | [mailto:ddk(at)cs.msu.su Dmitry Kozlov]&lt;br&gt;Igor Konnov<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:afry(at)strongcrypto.biz Alex Fry]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OWASP-WeBekci Project|OWASP WeBekci Project]]'''<br /> | align=&quot;CENTER&quot; | [mailto:bunyamin@owasp.org Bunyamin Demir]<br /> | align=&quot;CENTER&quot; | Beta<br /> | align=&quot;CENTER&quot; | [mailto:afry(at)strongcrypto.biz Alex Fry]&lt;br&gt;TBC<br /> | align=&quot;CENTER&quot; | <br /> | align=&quot;CENTER&quot; | Not applicable<br /> |}<br /> <br /> == DESIGN/CORPORATE PROJECTS ==<br /> {| class=&quot;wikitable&quot; style=&quot;text-align:center&quot;<br /> ! width=&quot;400&quot; height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | Application<br /> ! width=&quot;120&quot; align=&quot;CENTER&quot; | '''Author'''<br /> ! width=&quot;60&quot; align=&quot;CENTER&quot; | [[:Category:OWASP Project Assessment|'''Status Target''']]<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''1st Reviewer'''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''2nd Reviewer '''<br /> ! width=&quot;108&quot; align=&quot;CENTER&quot; | '''OWASP Board<br /> Reviewer<br /> '''<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP_Book_Cover_.26_Sleeve_Design|OWASP Book Cover &amp; Sleeve Design]]'''<br /> | align=&quot;CENTER&quot; | LXstudios,&lt;br&gt;[mailto:deb@lxstudios.com Deb Brewer] <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:yiannis@owasp.org Yiannis Pavlosoglou]&lt;br&gt;<br /> | align=&quot;CENTER&quot; | [mailto:kris_seeburn@utm.intnet.mu Kris Seeburn]&lt;br&gt;(TBC)<br /> | align=&quot;CENTER&quot; | Dinis Cruz<br /> |-<br /> | height=&quot;18&quot; bgcolor=&quot;#FFFFFF&quot; align=&quot;CENTER&quot; valign=&quot;MIDDLE&quot; | '''[[OWASP Summer of Code 2008 Applications#OWASP Individual &amp; Corporate Member Packs, Conference Attendee Packs Brief|OWASP Individual &amp; Corporate Member Packs, Conference Attendee Packs Brief]]'''<br /> | align=&quot;CENTER&quot; | LXstudios,&lt;br&gt;[mailto:deb@lxstudios.com Deb Brewer] <br /> | align=&quot;CENTER&quot; | Quality<br /> | align=&quot;CENTER&quot; | [mailto:eoinkeary@gmail.com Eoin Keary]<br /> | align=&quot;CENTER&quot; | [mailto:yiannis@owasp.org Yiannis Pavlosoglou]<br /> | align=&quot;CENTER&quot; | Dinis Cruz<br /> |-</div> Min Chen