Project Information:template Securing WebGoat using ModSecurity - Final Review - First Reviewer - D
FINAL REVIEW | ||
---|---|---|
PART I | ||
Project Deliveries & Objectives |
OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives | |
QUESTIONS | ANSWERS | |
1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised. |
The objectives of the project have been accomplished. This is a research project and the scope of the problem was largely unknown at the beginning. | |
2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage. |
85% out of 90%. | |
3. Please use the right-hand column to provide advice and make work suggestions. |
The use of Lua scripting is very interesting, but the dynamic evaluation of externally-supplied data is extremely dangerous. This project demonstrates one approach that mustn't be taken in production (which is acceptable, considering the research nature of the project). | |
PART II | ||
Assessment Criteria |
||
QUESTIONS | ANSWERS | |
1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Alpha Quality status? |
Yes. | |
2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Beta Quality status? |
Yes. | |
3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Release Quality status? |
Not applicable. | |
4. Please use the right-hand column to provide advice and make work suggestions. |