
OWASP Joomla Vulnerability Scanner Project Assessment Criteria

From OWASP
Revision as of 23:51, 8 March 2018 by Rezasp


Alpha Release Tool Criteria

Blank Alpha Release Tool Example

Pre-Assessment Checklist:

Yes. http://www.owasp.org/index.php/Key_Project_Information:OWASP_Joomla_Vulnerability_Scanner_Project

Yes. GPL version 3.

  • Is the source code and any documentation available in an online project repository? (e.g. Google Code or github)

Yes. https://github.com/rezasp/joomscan.git

  • Is there working code?

Yes.

  • Is there a roadmap for this project release which will take it from Alpha to Stable release?

Yes. http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project_-_Roadmap

Beta Release Tool Criteria

Blank Beta Release Tool Example

Pre-Assessment Checklist:

  • Are the Alpha pre-assessment items complete?

Yes.

  • Is there an installer or stand-alone executable?

Yes.

  • Is there user documentation on the OWASP project wiki page?

Yes.

  • Is there an "About box" or similar help item which lists: Project Release Name, Short Description, Project Release Lead and contact information, Project Release Contributors, Project Release License, Project Release Sponsors, Release status and date assessed, Link to OWASP Project Page?

Yes

  • Is there documentation on how to build the tool from source including obtaining the source from the code repository?

There is no need for it because the tool is written in an interpreted language.

  • Is the tool documentation stored in the same repository as the source code?

Yes.

Stable Release Tool Criteria

Blank Stable Release Tool Example

Pre-Assessment Checklist:

  • Are the Alpha and Beta pre-assessment items complete?

Yes

  • Does the tool include documentation built into the tool?

Yes

  • Does the tool include build scripts to automate builds?

There is no need for it because the tool is written in an interpreted language.

  • Is there a publicly accessible bug tracking system?

Yes. https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner

  • Have any existing limitations of the tool been documented?

Yes. http://www.owasp.org/index.php/OWASP_Joomla_Vulnerability_Scanner_Limitations#Limitations_on_Current_Release