This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template Access Control Rules Tester Project"
From OWASP
| Line 16: | Line 16: | ||
| style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] | | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] | ||
|} | |} | ||
| + | |||
| + | {| style="width:100%" border="0" align="center" | ||
| + | ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status''' | ||
| + | ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links''' | ||
| + | ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' | ||
| + | |- | ||
| + | | style="width:29%; background:#cccccc" align="center"| | ||
| + | '''[[:Category:OWASP_Project_Assessment#Beta_Quality_Tool_Criteria|Beta Quality]]'''<br>[[:Access Control Rules Tester Project - Assessment Frame|Please see here for complete information.]] | ||
| + | | style="width:42%; background:#cccccc" align="center"| | ||
| + | * What are business logic vulnerabilities? An attempt to define their scope: http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf | ||
| + | * [http://accorute.googlecode.com/files/AcCoRuTe.pdf AcCoRuTe approach described] | ||
| + | * [http://code.google.com/p/accorute/ Google Code Project page] | ||
| + | * [http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip AcCoRuTe version 1.0.0 binaries] | ||
| + | * [http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf AcCoRuTe User Guide] | ||
| + | * [http://accorute.googlecode.com/files/OWASP_EU_Summit_2008_AcCoRuTe.ppt PPT Presentation] | ||
| + | | style="width:29%; background:#cccccc" align="center"| | ||
| + | If any, add link here | ||
| + | |} | ||
| + | |||
| + | |||
| + | |||
| + | |||
| Line 24: | Line 46: | ||
|- | |- | ||
| style="width:100%; background:#cccccc" align="center"| | | style="width:100%; background:#cccccc" align="center"| | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|} | |} | ||
{| style="width:100%" border="0" align="center" | {| style="width:100%" border="0" align="center" | ||
Revision as of 14:16, 26 January 2009
| PROJECT IDENTIFICATION | |||||||
|---|---|---|---|---|---|---|---|
| Project Name | OWASP Access Control Rules Tester Project | ||||||
| Short Project Description | I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. | ||||||
| Key Project Information | Project Leader Andrew Petukhov |
Project Contributors (if applicable) |
Mailing List Subscribe here Use here |
License Creative Commons Attribution Share Alike 3.0 |
Project Type Tool |
Sponsors OWASP SoC 08 | |
| Release Status | Main Links | Related Projects |
|---|---|---|
|
If any, add link here |
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes --------- The project undergoes 100% review straight away |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes --------- The project undergoes 100% review straight away |
X |
| Final Review | Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/2nd Reviewer (F) |
X |
| PROJECT IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Project Name | OWASP Access Control Rules Tester Project | |||||
| Short Project Description | I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed. | |||||
| Email Contacts | Project Leader Andrew Petukhov |
Project Contributors (if applicable) Name&Email |
Mailing List/Subscribe |
First Reviewer Steve Antoniewicz |
Second Reviewer Min Chen Profile |
OWASP Board Member (if applicable) Name&Email |
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
| |||||
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes --------- The project undergoes 100% review straight away |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes --------- The project undergoes 100% review straight away |
X |
| Final Review | Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/2nd Reviewer (F) |
X |
