
Difference between revisions of "QA wikiupdates"

Line 36: Line 36:
 
===SWAMP integration preliminary tests===
 
===SWAMP integration preliminary tests===
 
Created some tests to load ESAPI C into the SWAMP but the assessment failed. Probably related to build scripts.
 
Created some tests to load ESAPI C into the SWAMP but the assessment failed. Probably related to build scripts.
 +
We will continue the tests with ESAPI C++.ESAPI C had more than 2 years inactive.
 
[[File:Screenshot_2014-06-12_21.15.02.png  |600px |thumb |left | SWAMP ]]
 
[[File:Screenshot_2014-06-12_21.15.02.png  |600px |thumb |left | SWAMP ]]
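Review bot: the added line "We will continue the tests with ESAPI C++.ESAPI C had more than 2 years inactive." is missing a space after the first period, so "C++.ESAPI C" reads as a single token. The second sentence would be clearer as "ESAPI C has been inactive for more than 2 years." It would also help to record what the failed assessment actually reported, since the preceding context line only says the failure is "Probably related to build scripts".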
  

Revision as of 01:37, 13 June 2014

Quality Approach Updates

12 June 2014

These have been the activities and progress of the QA project, as described here: https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach

JIRA Account configured for Candidate Flagship projects

Set up projects in JIRA (done):

  • OWASP AntiSamy Project
  • OWASP Enterprise Security API
  • OWASP ModSecurity Core Rule Set Project
  • OWASP CSRFGuard Project
  • OWASP Web Testing Environment Project
  • OWASP WebGoat Project
  • OWASP Zed Attack Proxy

Set up accounts for project leaders and admins (done)

JIRA account

Virtual Server: Testing Environment (in progress)

Acquired a virtual server through Leaseweb.

OS: Windows 2012

Installed components:

  • Eclipse
  • Visual Studio Express
  • OWASP ZAP 2.3.1
  • Tomcat 6
  • MySQL 5.5
  • Tortoise Subversion
  • JRE 7
  • Mozilla
  • WAVSEP.war

To be installed:

  • WebGoat (latest version)


SWAMP integration preliminary tests

Created some tests to load ESAPI C into the SWAMP, but the assessment failed. The failure is probably related to the build scripts. We will continue the tests with ESAPI C++. ESAPI C has been inactive for more than 2 years.

SWAMP

Preliminary tests on activity verification

The ESAPI libraries are currently being verified against the Health Criteria. This first assessment produced the following results:

  • Perl ==> last maintained 3 years ago
  • C++ ==> last commit 11 months ago
  • Python ==> last release from 3 years ago
  • .NET ==> last release from 3 years ago
  • C ==> source code last updated 2 years ago
  • Java ==> updated a month ago
  • Classic ASP ==> last release from 3 years ago

Libraries that have gone more than a year without updates do not pass the health criteria. An email has been sent to the project leaders to verify the inactivity levels and any plans for the future.

  • .NET has been verified as inactive by the project leader