Difference between revisions of "Category:OWASP Project Assessment"
(→Requests for assessment) |
|||
Line 4: | Line 4: | ||
== Assessment Scale for OWASP TOOLS Projects== | == Assessment Scale for OWASP TOOLS Projects== | ||
− | {| | + | |
− | |- | + | {| style="width:100%" border="0" align="center" |
− | + | ! colspan="4" align="center" style="background:#white; color:black"| | |
− | + | |- | |
− | + | | style="width:10%; background:#C2C2C2" align="center"| '''Class''' | |
− | + | | style="width:60%; background:#C2C2C2" align="center"| '''Criteria''' | |
− | |- | + | | style="width:20%; background:#C2C2C2" align="center"| '''Review Process''' |
− | | style="background:#f2984c" align=" | + | | style="width:10%; background:#C2C2C2" align="center"| '''Example''' |
− | + | |- | |
+ | | style="width:10%; background:#f2984c" align="center"|'''[[:Category:OWASP Project#Release_Quality_Projects|Release Quality OWASP Tools]]''' | ||
+ | | style="width:60%; background:#e6e6e6" align="left"| | ||
+ | All Beta Quality Requirements plus: | ||
* Be reasonably easy to use | * Be reasonably easy to use | ||
* Include online documention built into tool (based on required user documentation) | * Include online documention built into tool (based on required user documentation) | ||
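Review bot: `background:#white` on the new `! colspan="4"` header line is not a valid CSS colour, so the background declaration is ignored; use `background:white` or `background:#ffffff`. That header cell is also empty, so either give it a caption or drop the line. Since this revision is already reworking the Release Quality row, the unchanged context line "Include online documention built into tool" could have its spelling corrected to "documentation" in the same edit.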
Line 25: | Line 28: | ||
* UAT pass on functionality of the tool | * UAT pass on functionality of the tool | ||
* Developer documents any limitations | * Developer documents any limitations | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 2 Reviewers + 1 OWASP Board Member. | * '''Requirement''': 2 Reviewers + 1 OWASP Board Member. | ||
** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ||
** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ||
− | + | | style="width:10%; background:#e6e6e6" align="center"|[[OWASP WebGoat Project|OWASP WebGoat Project]] | |
− | | align=" | + | |- |
− | |- | + | | style="width:10%; background:#ffcc66" align="center"|'''[[:Category:OWASP Project#Beta_Status_Projects|Beta Quality OWASP Tools]]''' |
− | | style="background:#ffcc66" align=" | + | | style="width:60%; background:#e6e6e6" align="left"| |
− | | All Alpha Quality Requirements plus: | + | All Alpha Quality Requirements plus: |
* Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) | * Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) | ||
* Include user documentation in Project's OWASP Wiki page(s) | * Include user documentation in Project's OWASP Wiki page(s) | ||
Line 41: | Line 44: | ||
* This documentation must stored be in the same repository as the code. | * This documentation must stored be in the same repository as the code. | ||
* When approved to be Beta Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Beta. | * When approved to be Beta Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Beta. | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 2 Reviewers. | * '''Requirement''': 2 Reviewers. | ||
** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ||
** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ||
− | + | | style="width:10%; background:#e6e6e6" align="center"|[[:Category:OWASP AntiSamy Project|OWASP AntiSamy Project]] | |
− | | align=" | + | |- |
− | |- | + | | style="width:10%; background:#ffff66" align="center"|'''[[:Category:OWASP Project#Alpha_Status_Projects|Alpha Quality OWASP Tools]]''' |
− | | style="background:#ffff66" align=" | + | | style="width:60%; background:#e6e6e6" align="left"| |
− | | | ||
* Agree to [[OWASP Licenses|OWASP's open source license]] | * Agree to [[OWASP Licenses|OWASP's open source license]] | ||
* The “main” page for any OWASP tool must be on the OWASP website. This page must: | * The “main” page for any OWASP tool must be on the OWASP website. This page must: | ||
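Review bot: the unchanged context line at the top of this hunk reads "This documentation must stored be in the same repository as the code"; the word order should be "must be stored in". The revision touches the cells directly below it, so the fix can go in the same edit.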
Line 58: | Line 60: | ||
* [https://lists.owasp.org/mailman/listinfo Mailing list for project created]. | * [https://lists.owasp.org/mailman/listinfo Mailing list for project created]. | ||
* Solves a core application security need. | * Solves a core application security need. | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 1 Reviewer. | * '''Requirement''': 1 Reviewer. | ||
** If possible, the project's lead should suggest a Project Reviewer who is an existing OWASP Leader. | ** If possible, the project's lead should suggest a Project Reviewer who is an existing OWASP Leader. | ||
** If the project's lead can't find a Project Reviewer, the OWASP Board will identify one. The same will happen whenever the reviewer suggested does not have the required approval. | ** If the project's lead can't find a Project Reviewer, the OWASP Board will identify one. The same will happen whenever the reviewer suggested does not have the required approval. | ||
− | | align=" | + | | style="width:10%; background:#e6e6e6" align="center"|[[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]] |
− | |- | + | |- |
|} | |} | ||
== Assessment Scale for OWASP DOCUMENTATION Projects== | == Assessment Scale for OWASP DOCUMENTATION Projects== | ||
− | {| | + | {| style="width:100%" border="0" align="center" |
− | |- | + | ! colspan="4" align="center" style="background:#white; color:black"| |
− | + | |- | |
− | + | | style="width:10%; background:#C2C2C2" align="center"| '''Class''' | |
− | + | | style="width:60%; background:#C2C2C2" align="center"| '''Criteria''' | |
− | + | | style="width:20%; background:#C2C2C2" align="center"| '''Review Process''' | |
− | |- | + | | style="width:10%; background:#C2C2C2" align="center"| '''Example''' |
− | | style="background:#f2984c" align=" | + | |- |
− | | | + | | style="width:10%; background:#f2984c" align="center"|'''[[:Category:OWASP Project#Release_Quality_Projects|Release Quality OWASP Documentation]]''' |
+ | | style="width:60%; background:#e6e6e6" align="left"| | ||
All Beta Quality Requirements plus: | All Beta Quality Requirements plus: | ||
* Document has been reviewed and updated to be consistent and not overly repetitive with all other Release Quality OWASP Documentation. | * Document has been reviewed and updated to be consistent and not overly repetitive with all other Release Quality OWASP Documentation. | ||
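Review bot: the header row added to the DOCUMENTATION table repeats `background:#white` from the TOOLS table, so the same invalid colour value now appears twice; correct both to `background:white`. The four `'''Class'''` / `'''Criteria'''` / `'''Review Process'''` / `'''Example'''` header cells are copied verbatim between the two tables with their inline widths, so any later change to column widths has to be made in both places; a note to that effect in the edit summary would help the next editor.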
Line 81: | Line 84: | ||
* Wiki content, if more than 30 pages, has been converted to an OWASP Book and is available for download or purchase at the [http://stores.lulu.com/owasp OWASP Lulu bookstore]. | * Wiki content, if more than 30 pages, has been converted to an OWASP Book and is available for download or purchase at the [http://stores.lulu.com/owasp OWASP Lulu bookstore]. | ||
* When approved to be Release Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Release Quality. | * When approved to be Release Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Release Quality. | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 2 Reviewers + 1 OWASP Board Member. | * '''Requirement''': 2 Reviewers + 1 OWASP Board Member. | ||
** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ||
** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ||
− | + | | style="width:10%; background:#e6e6e6" align="center"|[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]] | |
− | | align=" | + | |- |
− | |- | + | | style="width:10%; background:#ffcc66" align="center"|'''[[:Category:OWASP Project#Beta_Status_Projects|Beta Quality OWASP Documentation]]''' |
− | | style="background:#ffcc66" align=" | + | | style="width:60%; background:#e6e6e6" align="left"| |
− | | | ||
All Alpha Quality Requirements plus: | All Alpha Quality Requirements plus: | ||
* The document seems sufficiently or substantially complete with respect to the topic or process it is intended to cover. | * The document seems sufficiently or substantially complete with respect to the topic or process it is intended to cover. | ||
* All wiki content has been reviewed by a technical editor to ensure that English grammar is correct, understandable, and the content flows well. | * All wiki content has been reviewed by a technical editor to ensure that English grammar is correct, understandable, and the content flows well. | ||
* Clear efforts to interlink this document to other appropriate Beta and Release Quality OWASP Documentation and Tools projects have been made. | * Clear efforts to interlink this document to other appropriate Beta and Release Quality OWASP Documentation and Tools projects have been made. | ||
− | |||
* When approved to be Beta Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Beta. | * When approved to be Beta Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Beta. | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 2 Reviewers. | * '''Requirement''': 2 Reviewers. | ||
** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ** If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project Leader. | ||
** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval. | ||
− | | align=" | + | | style="width:10%; background:#e6e6e6" align="center"|[[:Category:OWASP CLASP Project|OWASP CLASP Project]] |
− | |- | + | |- |
− | | style="background:#ffff66" align=" | + | | style="width:10%; background:#ffff66" align="center"|'''[[:Category:OWASP Project#Alpha_Status_Projects|Alpha Quality OWASP Documentation]]''' |
− | | | + | | style="width:60%; background:#e6e6e6" align="left"| |
* Agree to [[OWASP Licenses|OWASP's open source license]] | * Agree to [[OWASP Licenses|OWASP's open source license]] | ||
* The “main” page for any OWASP documentation project must be on the OWASP website. This page must: | * The “main” page for any OWASP documentation project must be on the OWASP website. This page must: | ||
Line 113: | Line 114: | ||
* [https://lists.owasp.org/mailman/listinfo Mailing list for project created]. | * [https://lists.owasp.org/mailman/listinfo Mailing list for project created]. | ||
* Solves a core application security documentation/process need. | * Solves a core application security documentation/process need. | ||
− | | | + | | style="width:20%; background:#e6e6e6" align="left"| |
* '''Requirement''': 1 Reviewer. | * '''Requirement''': 1 Reviewer. | ||
** If possible, the project's lead should suggest a Project Reviewer who is an existing OWASP Leader. | ** If possible, the project's lead should suggest a Project Reviewer who is an existing OWASP Leader. | ||
** If the project's lead can't find a Project Reviewer, the OWASP Board will identify one. The same will happen whenever the reviewer suggested does not have the required approval. | ** If the project's lead can't find a Project Reviewer, the OWASP Board will identify one. The same will happen whenever the reviewer suggested does not have the required approval. | ||
− | | align=" | + | | style="width:10%; background:#e6e6e6" align="center"|[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Project]] |
− | |- | + | |- |
|} | |} | ||
Revision as of 16:22, 29 April 2008
The following defines the quality levels for OWASP TOOLS and DOCUMENTATION (Projects). Rating projects against these criteria aids in recognizing excellent contributions and identifying projects in need of further work. All existing OWASP projects and their current ratings are here.
The Tool ratings are reasonably complete. The documentation ratings still need to be developed.
Assessment Scale for OWASP TOOLS Projects
Class | Criteria | Review Process | Example |
Release Quality OWASP Tools | All Beta Quality Requirements plus: Recommendations: | | OWASP WebGoat Project |
Beta Quality OWASP Tools | All Alpha Quality Requirements plus: | | OWASP AntiSamy Project |
Alpha Quality OWASP Tools | | | OWASP CSRFTester Project |
Assessment Scale for OWASP DOCUMENTATION Projects
Class | Criteria | Review Process | Example |
Release Quality OWASP Documentation | All Beta Quality Requirements plus: | | OWASP AppSec FAQ Project |
Beta Quality OWASP Documentation | All Alpha Quality Requirements plus: | | OWASP CLASP Project |
Alpha Quality OWASP Documentation | | | OWASP AJAX Security Project |
FAQ
- 1. What is the purpose of the project ratings?
- The rating system allows OWASP to monitor the quality of Projects in our subject areas, and to prioritize work on these projects. It is also utilized to prepare for static releases of Wikipedia content.
- 2. How do I add a project (tool or documentation) to the OWASP Projects?
- To propose a new project, please send an email to OWASP.
- 3. How does the assessment scale work?
- Each category has a set of requirements/criteria to be met. Beta Quality implies that all of its requirements, as well as the Alpha Quality requirements, have been met. Release Quality implies that all of the requirements, including Alpha and Beta, have been met.
- 4. Who can assess projects?
- The OWASP Project Manager can assign you a reviewer.
- 5. Why didn't the reviewer leave any comments?
- Unfortunately, due to the volume of projects that need to be assessed, we are unable to leave detailed comments in most cases. If you have particular questions, you might ask the person who assessed the project; they will be happy to provide you with their rationale.
- 6. What if I don't agree with a rating?
- You can list it in the section for assessment requests below, and someone will take a look at it. Alternatively, you can ask any member of the project to rate the project again.
- 7. Aren't the ratings subjective?
- Yes, they are somewhat subjective, but it's the best system we've been able to devise. If you have a better idea, please don't hesitate to let us know!
- 8. What if I have a question not listed here?
- If your question concerns the project assessment process specifically, please contact OWASP or its Project Manager directly.
Requests for assessment
If you have made significant changes to a project and would like an outside opinion on a new rating for it, please feel free to list it below and e-mail the OWASP Project Manager.
- Here
- Or here
- Add new requests above this line