Difference between revisions of "LAB Projects Code Analysis Report"
From OWASP
(→Review reports 2015) |
|||
| (22 intermediate revisions by 2 users not shown) | |||
| Line 3: | Line 3: | ||
For the time being, the only projects in review are candidates for flagship status. | For the time being, the only projects in review are candidates for flagship status. | ||
| − | ==LAB Project Status Reports== | + | ==LAB Project Status Reports 2014== |
| + | |||
| + | Proposal of original plan: | ||
| + | https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach | ||
| + | |||
{|class="wikitable" | {|class="wikitable" | ||
| + | |- | ||
| + | ! style="background: #BCD4E6; color: black" | Project Name | ||
| + | ! style="background: #BCD4E6; color: black" | Project Status Report | ||
| + | ! style="background: #BCD4E6; color: black" |Overall Status | ||
| + | ! style="background: #BCD4E6; color: black" |Recommendation | ||
|- | |- | ||
| − | + | | '''OWASP AntiSamy''' || [https://www.owasp.org/images/7/7f/Project_Status_Report-AntiSamy.pdf Status Report] || style="background: #E6E6FA" | <span style="color:red">'''Off Track'''</span> || | |
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | | | + | | OWASP ModSecurity CRS || [https://www.owasp.org/images/a/a3/Project_Status_Report-ModSecurityCRS.pdf Status Report] || style="background: #E6E6FA" | <span style="color:green">'''On Track'''</span> ||Project will keep LAB status under supervision. Must update wiki info and we will reevaluate in '''October, 2014'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP Broken Web Applications Project || [https://www.owasp.org/images/1/1f/Project_Status_Report_-_Broken_Web_Applications_Project.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green">'''On Track'''</span> || Project will keep LAB status under supervision. Must update wiki info and we will reevaluate in '''October, 2014'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP CSRFTester Project || [https://www.owasp.org/images/5/5c/Project_Status_Report-CSRFTester_Project.pdf Status Reprort] || style="background: #E6E6FA" |<span style="color:red">'''Off Track'''</span> || <span style="color:red">'''This project has been inactivated due to lack of activity.'''</span> |
|- | |- | ||
| − | | OWASP | + | | OWASP EnDe Project || [https://www.owasp.org/images/7/76/Project_Status_Report-EnDe.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green">'''On Track'''</span> || Project will keep LAB status. Next evaluation will be '''January, 2015'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP Hackademics || [https://www.owasp.org/images/8/84/Project_Status_Report-Hackademics.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green">'''On Track'''</span> || Project must update key info on wiki to become candidate flagship. Next evaluation will be '''October, 2014'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP Mantra Security Framework || [https://www.owasp.org/images/a/ab/Project_Status_Report-MantraFramework.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green">'''On Track'''</span> || The project will remain in LABs. Next evaluation will be '''October, 2014'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP O2 Project || [https://www.owasp.org/images/4/4c/Project_Status_Report_-OWASP_O2.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green"> '''On Track''' </span> || Project keeps its LAB status. Next evaluation will be '''January, 2015'''. |
|- | |- | ||
| − | | OWASP | + | | OWASP CRSFGuard Project || [https://www.owasp.org/images/4/46/Project_Status_Report-CRSFGuard-2.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green"> '''On Track''' </span> || Project is considered a flagship candidate. Functional testing for flagship candidates will be '''September, 2014'''. |
| + | |- | ||
| + | | OWASP WebGoat || [https://www.owasp.org/images/2/28/Project_Status_Report-WebGoat-2.pdf Status Report] || style="background: #E6E6FA" |<span style="color:#EFCC00"> '''At Risk''' </span> || Project will hold LAB status while project leaders are actively rewriting application. Reevaluation will be '''October, 2014'''. | ||
| + | |- | ||
| + | | OWASP Web Testing Environment || [https://www.owasp.org/images/4/45/Project_Status_Report-WebTestingFramework.pdf Status Report] || style="background: #E6E6FA" |<span style="color: green"> '''On Track''' </span> || Strong flagship candidate. Functional testing evaluation will be '''September, 2014'''. | ||
| + | |- | ||
| + | | OWASP Wapiti Project || [https://www.owasp.org/images/e/e7/Project_Status_Report-Wapiti.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green"> '''On Track''' </span> || <span style="color:red">'''Based on the wiki page, it looks like this project has been abandoned, and has been marked inactive.'''</span> | ||
| + | |- | ||
| + | | OWASP OWTF || [https://www.owasp.org/images/8/8e/Project_Status_Report-OWTF.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green"> '''On Track''' </span> || Project must update key information on the wiki to be considered a flagship candidate. Next evaluation is '''October, 2014'''. | ||
| + | |- | ||
| + | | OWASP ZAP || [https://www.owasp.org/images/9/96/Project_Status_Report-ZAP.pdf Status Report] || style="background: #E6E6FA" |<span style="color:green"> '''On Track''' </span> || Strong flagship candidate. Functional testing evaluation will be '''September, 2014'''. | ||
| + | |- | ||
| + | | OWASP Vicnum Project || [https://www.owasp.org/images/2/28/Project_Status_Report-Vicnum.pdf Status Report] || style="background: #E6E6FA" | <span style="color:#FF7538"> '''High Risk''' </span> || The project will remain in LABs. Next evaluation will be '''October, 2014'''. | ||
|} | |} | ||
| + | |||
| + | Reports created by Mario Kourtesis during testing: | ||
| + | https://drive.google.com/folderview?id=0B5CqvQE_eza9ekQ5RXFSYk9YVEk&usp=docs_home&usp=docs_home&urp=https://docs.google.com/a/owasp.org/folderview?id%3D&pli=1&ddrp=1 | ||
| + | |||
| + | ==Latest reviews 2015== | ||
| + | Activity level monitoring: (Last updated source code repositories including new projects) | ||
| + | During the months August 2014 and present, projects are being added to the Openhub repository for monitoring | ||
| + | https://www.openhub.net/orgs/OWASP | ||
| + | |||
| + | Summary Report: | ||
| + | |||
| + | https://magic.piktochart.com/output/6323285-project-reviews | ||
| + | |||
| + | Some latest summary review results through the Dashboard: | ||
| + | https://docs.google.com/a/owasp.org/spreadsheets/d/15NzgmnxKNtexRDs70rBUi1NHhjQiviBdYUa_kDvd3i4/edit?usp=sharing | ||
| + | |||
| + | Classification of projects: | ||
| + | https://docs.google.com/a/owasp.org/spreadsheets/d/1QhGdHxd8c6NqGGhk90QpByZjR-qDOjZ3_arhXRtvf4c/edit?usp=sharing | ||
| + | |||
| + | ==Review reports 2015== | ||
| + | https://docs.google.com/spreadsheets/d/1LpPBZ1kSnxuQ3I2bCE3aXVKOQXM7HnT4Xxfw5Nv1DKw/edit?usp=sharing | ||
| + | |||
| + | Thanks to Timo Goosen and collaboration of the Review team for their input on the Reviews 2015. | ||
Latest revision as of 15:31, 29 July 2015
Johanna is currently testing the LAB projects who are potential candidates for flagship status. We are waiting to hear back from the project leaders to ensure the reports contain the most updated information before publishing the results. Once those results have been finalized, they will be posted to the wiki page.
For the time being, the only projects in review are candidates for flagship status.
LAB Project Status Reports 2014
Proposal of original plan: https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach
| Project Name | Project Status Report | Overall Status | Recommendation |
|---|---|---|---|
| OWASP AntiSamy | Status Report | Off Track | |
| OWASP ModSecurity CRS | Status Report | On Track | Project will keep LAB status under supervision. Must update wiki info and we will reevaluate in October, 2014. |
| OWASP Broken Web Applications Project | Status Report | On Track | Project will keep LAB status under supervision. Must update wiki info and we will reevaluate in October, 2014. |
| OWASP CSRFTester Project | Status Reprort | Off Track | This project has been inactivated due to lack of activity. |
| OWASP EnDe Project | Status Report | On Track | Project will keep LAB status. Next evaluation will be January, 2015. |
| OWASP Hackademics | Status Report | On Track | Project must update key info on wiki to become candidate flagship. Next evaluation will be October, 2014. |
| OWASP Mantra Security Framework | Status Report | On Track | The project will remain in LABs. Next evaluation will be October, 2014. |
| OWASP O2 Project | Status Report | On Track | Project keeps its LAB status. Next evaluation will be January, 2015. |
| OWASP CRSFGuard Project | Status Report | On Track | Project is considered a flagship candidate. Functional testing for flagship candidates will be September, 2014. |
| OWASP WebGoat | Status Report | At Risk | Project will hold LAB status while project leaders are actively rewriting application. Reevaluation will be October, 2014. |
| OWASP Web Testing Environment | Status Report | On Track | Strong flagship candidate. Functional testing evaluation will be September, 2014. |
| OWASP Wapiti Project | Status Report | On Track | Based on the wiki page, it looks like this project has been abandoned, and has been marked inactive. |
| OWASP OWTF | Status Report | On Track | Project must update key information on the wiki to be considered a flagship candidate. Next evaluation is October, 2014. |
| OWASP ZAP | Status Report | On Track | Strong flagship candidate. Functional testing evaluation will be September, 2014. |
| OWASP Vicnum Project | Status Report | High Risk | The project will remain in LABs. Next evaluation will be October, 2014. |
Reports created by Mario Kourtesis during testing: https://drive.google.com/folderview?id=0B5CqvQE_eza9ekQ5RXFSYk9YVEk&usp=docs_home&usp=docs_home&urp=https://docs.google.com/a/owasp.org/folderview?id%3D&pli=1&ddrp=1
Latest reviews 2015
Activity level monitoring: (Last updated source code repositories including new projects) During the months August 2014 and present, projects are being added to the Openhub repository for monitoring https://www.openhub.net/orgs/OWASP
Summary Report:
https://magic.piktochart.com/output/6323285-project-reviews
Some latest summary review results through the Dashboard: https://docs.google.com/a/owasp.org/spreadsheets/d/15NzgmnxKNtexRDs70rBUi1NHhjQiviBdYUa_kDvd3i4/edit?usp=sharing
Classification of projects: https://docs.google.com/a/owasp.org/spreadsheets/d/1QhGdHxd8c6NqGGhk90QpByZjR-qDOjZ3_arhXRtvf4c/edit?usp=sharing
Review reports 2015
https://docs.google.com/spreadsheets/d/1LpPBZ1kSnxuQ3I2bCE3aXVKOQXM7HnT4Xxfw5Nv1DKw/edit?usp=sharing
Thanks to Timo Goosen and collaboration of the Review team for their input on the Reviews 2015.
