This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template Access Control Rules Tester Project"

From OWASP
Jump to: navigation, search
Line 26: Line 26:
 
Provisory '''[[:Category:OWASP_Project_Assessment#Beta_Quality_Tool_Criteria|Beta Quality]]'''<br>(Waiting for First Review)<br>[[:Access Control Rules Tester Project - Assessment Frame|Please see here for complete information.]]
 
Provisory '''[[:Category:OWASP_Project_Assessment#Beta_Quality_Tool_Criteria|Beta Quality]]'''<br>(Waiting for First Review)<br>[[:Access Control Rules Tester Project - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
* [http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf What are business logic vulnerabilities? An attempt to define their scope]  
+
[http://accorute.googlecode.com/files/OWASP_EU_Summit_2008_AcCoRuTe.ppt PPT Presentation]<br>[http://accorute.googlecode.com/files/BusinessLogicVulnerabilities.pdf What are business logic vulnerabilities? - An attempt to define their scope]<br>[http://accorute.googlecode.com/files/AcCoRuTe.pdf AcCoRuTe approach described]<br>[http://code.google.com/p/accorute/ Google Code Project page]<br>[http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip AcCoRuTe version 1.0.0 binaries]<br>[http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf AcCoRuTe User Guide]
* [http://accorute.googlecode.com/files/AcCoRuTe.pdf AcCoRuTe approach described]
 
* [http://code.google.com/p/accorute/ Google Code Project page]
 
* [http://accorute.googlecode.com/files/AcCoRuTe-1.0.0.zip AcCoRuTe version 1.0.0 binaries]
 
* [http://accorute.googlecode.com/files/AcCoRuTe-1.0.0-userguide.pdf AcCoRuTe User Guide]
 
* [http://accorute.googlecode.com/files/OWASP_EU_Summit_2008_AcCoRuTe.ppt PPT Presentation]  
 
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
 
If any, add link here
 
If any, add link here
 
  |}
 
  |}
 
----
 
----

Revision as of 15:19, 26 January 2009


PROJECT IDENTIFICATION
Project Name OWASP Access Control Rules Tester Project
Short Project Description I believe that web application business logic vulnerabilities will be under increasing attention in near future. Although input validation vulnerabilities (XSS, SQLI) are in overwhelming majority nowadays, many automated approaches have emerged that deal with them. On the contrary, there are no known approaches (and methodologies for security experts) to classify or even detect business logic vulnerabilities. Besides, business logic flaws usually expose web application to great risks (according to OWASP Testing Guide). The proposal is to make an attempt to create a systematic approach that addresses business logic vulnerabilities. To begin with, access control flaws are surveyed.
Key Project Information Project Leader
Andrew Petukhov
Project Contributors
(if applicable)
Mailing List
Subscribe here
Use here
License
GNU General Public License v2
Project Type
Tool
Sponsors
OWASP SoC 08
Release Status Main Links Related Projects

Provisory Beta Quality
(Waiting for First Review)
Please see here for complete information.

PPT Presentation
What are business logic vulnerabilities? - An attempt to define their scope
AcCoRuTe approach described
Google Code Project page
AcCoRuTe version 1.0.0 binaries
AcCoRuTe User Guide

If any, add link here