|
|
(7 intermediate revisions by the same user not shown) |
Line 17: |
Line 17: |
| |- | | |- |
| | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information''' | | | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information''' |
− | | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[:User:Ddk|Dmitry Kozlov]]<br>[mailto:igor.konnov(at)gmail.com '''Igor Konnov'''] | + | | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[:User:Ddk|'''Dmitry Kozlov''']]<br>[mailto:igor.konnov(at)gmail.com '''Igor Konnov'''] |
| | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable) | | | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable) |
− | | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-teachable-static-analysis-workbench '''Subscribe here''']<br>[mailto:owasp-teachable-static-analysis-workbench(at)lists.owasp.org '''/Use here'''] | + | | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-teachable-static-analysis-workbench '''Subscribe here''']<br>[mailto:owasp-teachable-static-analysis-workbench(at)lists.owasp.org '''Use here'''] |
− | | style="width:14%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] | + | | style="width:14%; background:#cccccc" align="center"|License<br>[http://www.gnu.org/licenses/old-licenses/gpl-2.0.html '''GNU General Public License v2'''] |
− | | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Alpha_Status_Projects|'''Tool''']] | + | | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta_Status_Projects|'''Tool''']] |
| | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] | | | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] |
| |} | | |} |
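Review bot: The License cell silently changes from Creative Commons Attribution Share Alike 3.0 to GNU General Public License v2, and nothing on the page explains the relicensing; confirm that the license declared at http://code.google.com/p/teachablesa/ matches GPL v2 and, if the CC BY-SA entry was meant for the documentation rather than the tool, keep both rather than replacing one with the other. In the same hunk the Project Type link moves from Alpha_Status_Projects to Beta_Status_Projects while the visible label stays '''Tool''', so the status promotion is invisible to readers; put the status in the label or in the adjacent cell. The cosmetic fixes (bolding '''Dmitry Kozlov''' and dropping the stray slash in '''Use here''') are fine, but note that mailto:igor.konnov(at)gmail.com and mailto:owasp-teachable-static-analysis-workbench(at)lists.owasp.org are not valid mailto targets because of the (at) substitution; if the obfuscation is deliberate, the '''Use here''' link should say so or show the address as plain text.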
Line 30: |
Line 30: |
| ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' | | ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' |
| |- | | |- |
− | | style="width:29%; background:#cccccc" align="center"| '''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:Teachable Static Analysis Workbench - Assessment Frame|Please see here for complete information.]] | + | | style="width:29%; background:#cccccc" align="center"| '''[[:Category:OWASP_Project_Assessment#Beta_Quality_Tool_Criteria|Beta Quality]]'''<br>[[:Teachable Static Analysis Workbench - Assessment Frame|Please see here for complete information.]] |
| | style="width:42%; background:#cccccc" align="center"| | | | style="width:42%; background:#cccccc" align="center"| |
| http://code.google.com/p/teachablesa/<br>[https://www.owasp.org/images/6/69/Teachable_static_analysis_workbench.pptx PowerPoint Presentation] | | http://code.google.com/p/teachablesa/<br>[https://www.owasp.org/images/6/69/Teachable_static_analysis_workbench.pptx PowerPoint Presentation] |
| | style="width:29%; background:#cccccc" align="center"| | | | style="width:29%; background:#cccccc" align="center"| |
| If any, add link here | | If any, add link here |
− | |}
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | {| style="width:100%" border="0" align="center"
| |
− | ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
| |
− | |-
| |
− | | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| |
− | | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Teachable Static Analysis Workbench Project'''
| |
− | |-
| |
− | | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| |
− | | colspan="6" style="width:85%; background:#cccccc" align="left"|The research will be intended to answer the following questions:
| |
− | * Can we integrate existing open source static analysis tools (OWASP and third-party) to work altogether? We plan analysis to cover the following tools: LAPSE, Orizon, ESAPI, FindBugs.
| |
− | * How static analysis workbench can be taught by security analyst?
| |
− | * How static analysis workbench can support web-applications built using MVC frameworks?
| |
− | Workbench prototype will be Java-based Eclipse plug-in which aim is to help security analyst/code reviewer validation of web application. At prototype step we suggest to analyze J2EE Web tier applications build on Java Servlets, JSP (without business logic in it) and one MVC framework (Apache Struts). We plan workbench prototype to have the following functionality:
| |
− | * Input validation vulnerabilities analysis: identification of web application entry points (aka attack surface in P024), call graph for each entry point (see “Packages -> Classes -> Methods -> callsites” in P023), identification of data validation routines, teachable taint analysis.
| |
− | * Authentification and access control analysis: identification of code related to access control and it’s analysis.
| |
− | * Pattern-based code analysis.
| |
− | * Teachability: analyst indicates security-related code (sources of tainted data, sensitive sinks, input validation and sanitizing functions, access control code, etc.) and workbench automatically recomputes possible vulnerabilities list. The second idea is to spread knowledge gathered from analyst to other web applications.
| |
− | |-
| |
− | | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| |
− | | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:ddk(at)cs.msu.su '''Dmitry Kozlov''']<br>[mailto:igor.konnov(at)gmail.com '''Igor Konnov''']
| |
− | | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
| |
− | | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-teachable-static-analysis-workbench '''Mailing List/Subscribe''']<br>
| |
− | [mailto:owasp-teachable-static-analysis-workbench(at)lists.owasp.org '''Mailing List/Use''']
| |
− | | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:afry(at)strongcrypto.biz '''Alex Fry''']<br>[http://www.linkedin.com/in/alexanderfry Profile]
| |
− | | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:mwcoates(at)gmail.com '''Michael Coates''']
| |
− | | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
| |
− | |}
| |
− | {| style="width:100%" border="0" align="center"
| |
− | ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
| |
− | |-
| |
− | | style="width:100%; background:#cccccc" align="center"|
| |
− | * http://code.google.com/p/teachablesa/
| |
− | * [https://www.owasp.org/images/6/69/Teachable_static_analysis_workbench.pptx PowerPoint Presentation]
| |
− | |}
| |
− | {| style="width:100%" border="0" align="center"
| |
− | ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
| |
− | |-
| |
− | | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| |
− | | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Teachable Static Analysis Workbench|'''Sponsored Project/Guidelines/Roadmap''']]
| |
− | |}
| |
− | {| style="width:100%" border="0" align="center"
| |
− | ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
| |
− | |-
| |
− | | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| |
− | | style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
| |
− | | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
| |
− | | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
| |
− | | style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
| |
− | |-
| |
− | | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>[[Project Information:template Teachable Static Analysis Workbench - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>[[Project Information:template Teachable Static Analysis Workbench - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>[[Project Information:template Teachable Static Analysis Workbench 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| |
− | | style="width:22%; background:#C2C2C2" align="center"|X
| |
− | |-
| |
− | | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Teachable Static Analysis Workbench - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Teachable Static Analysis Workbench - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| |
− | | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Teachable Static Analysis Workbench - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| |
− | | style="width:22%; background:#C2C2C2" align="center"|X
| |
− | |-
| |
| |} | | |} |
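Review bot: Substantive content is dropped in this hunk without a replacement on the page: the short project description (the three research questions, the target stack of Java Servlets, JSP and Apache Struts, and the planned functionality list covering entry-point identification, call graphs, teachable taint analysis, access control analysis and pattern-based analysis), the First Reviewer and Second Reviewer contacts (Alex Fry and Michael Coates), the Sponsored Project/Guidelines/Roadmap link, and the six See&Edit review links are all removed, while only the project links and the SoC 08 sponsor cell are carried over into the new layout. If this material now lives on the Teachable Static Analysis Workbench - Assessment Frame page referenced in the Related Projects cell, say so in the edit summary; otherwise restore at least the description and the reviewer contacts, since they are the only record of who assessed the project. The link fix from Beta_Quality_Documentation_Criteria to Beta_Quality_Tool_Criteria is correct for a tool project and is consistent with the Beta_Status_Projects change in the first hunk. Note also that the removed Final Review cells still carried the placeholder '''Season of Code''' - (To update), so the status actually reached was never recorded before the table was deleted.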