Difference between revisions of "Project Information:template Access Control Rules Tester Project"

Line 1: Line 1:
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
+
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Access Control Rules Tester Project'''  
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Access Control Rules Tester Project'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.   
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.   
 
  |-
 
  |-
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
  | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:petand(at)lvk.cs.msu.su '''Andrew Petukhov''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Petand|'''Andrew Petukhov''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
  | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Mailing List/Subscribe''']<br>
+
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-access-control-rules-tester-project '''Subscribe here''']<br>
[mailto:[email protected] '''Mailing List/Use''']
+
[mailto:[email protected] '''Use here''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:santon(at)owasp.org '''Steve Antoniewicz''']
+
  | style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']  
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:mg_chen(at)yahoo.com '''Min Chen''']<br>[http://www.linkedin.com/in/mgchen Profile]
+
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta_Status_Projects|'''Tool''']]
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]  
 
  |}
 
  |}
 +
 +
 +
 +
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''  
 
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''  
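
Review bot: The colspan values in the PROJECT IDENTIFICATION table no longer agree after this edit. The header moves to colspan="8" and the Project Name value cell to colspan="7" (eight columns counting the label cell), but the Short Project Description value cell is left at colspan="6", and the new Key Project Information row still has seven cells (one label plus six values, whose widths 15+14+15+10+17+14+15 already sum to 100%). Either keep the header at 7 and the Project Name cell at 6, or add the eighth cell to the information row and raise the description cell to colspan="7" so every row spans the same number of columns.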

Revision as of 14:08, 26 January 2009

PROJECT IDENTIFICATION
Project Name: OWASP Access Control Rules Tester Project
Short Project Description: I believe that web application business logic vulnerabilities will be under increasing attention in the near future. Although input validation vulnerabilities (XSS, SQLI) are in the overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web applications to great risks (according to the OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.
Key Project Information:
  Project Leader: Andrew Petukhov
  Project Contributors: (if applicable)
  Mailing List: Subscribe here / Use here
  License: Creative Commons Attribution Share Alike 3.0
  Project Type: Tool
  Sponsors: OWASP SoC 08



PROJECT MAIN LINKS
SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
Review/Reviewer:
  Author's Self Evaluation (applicable for Alpha Quality & further)
  First Reviewer (applicable for Alpha Quality & further)
  Second Reviewer (applicable for Beta Quality & further)
  OWASP Board Member (applicable just for Release Quality)

50% Review
  Author's Self Evaluation: Objectives & Deliveries reached? Yes. The project undergoes 100% review straight away.
  First Reviewer: Objectives & Deliveries reached? Yes/No (To update). See&Edit: 50% Review/1st Reviewer (C)
  Second Reviewer: Objectives & Deliveries reached? Yes. The project undergoes 100% review straight away.
  OWASP Board Member: X

Final Review
  Author's Self Evaluation: Objectives & Deliveries reached? Yes. Which status has been reached? Beta Quality. See&Edit: Final Review/SelfEvaluation (B)
  First Reviewer: Objectives & Deliveries reached? Yes/No (To update). Which status has been reached? Season of Code - (To update). See&Edit: Final Review/1st Reviewer (D)
  Second Reviewer: Objectives & Deliveries reached? Yes. Which status has been reached? Beta Quality. See&Edit: Final Review/2nd Reviewer (F)
  OWASP Board Member: X



PROJECT IDENTIFICATION
Project Name: OWASP Access Control Rules Tester Project
Short Project Description: I believe that web application business logic vulnerabilities will be under increasing attention in the near future. Although input validation vulnerabilities (XSS, SQLI) are in the overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web applications to great risks (according to the OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.
Email Contacts:
  Project Leader: Andrew Petukhov
  Project Contributors (if applicable): Name&Email
  Mailing List/Subscribe
  Mailing List/Use
  First Reviewer: Steve Antoniewicz
  Second Reviewer: Min Chen (Profile)
  OWASP Board Member (if applicable): Name&Email