This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:Sqlibench - Final Review - Self Evaluation - B"

From OWASP
Jump to: navigation, search
 
Line 15: Line 15:
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#SQL_Injector_Benchmarking_Project_.28SQLiBENCH.29|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#SQL_Injector_Benchmarking_Project_.28SQLiBENCH.29|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
%90-%95 of the overall deliverables are finished. The three unfinished jobs we have are; creating videos of the preparing the environment (nevertheless written documentation has been produced) and writing webscarab-beanshell scripts in order to show the exploits are real (instead we have created a howto document explaining the testing methodology for other benchmarkers, including example runs of sqlmap)  
+
%90-%95 of the overall deliverables are finished. The two unfinished jobs we have are; creating videos of the preparing the environment (nevertheless written documentation has been produced) and writing webscarab-beanshell scripts in order to show the exploits are real (instead we have created a howto document explaining the testing methodology for other benchmarkers, including example runs of sqlmap)  
  
 
Additional to the %50 review deliverables, here are other deliverables adding upto the %100 review;  
 
Additional to the %50 review deliverables, here are other deliverables adding upto the %100 review;  

Latest revision as of 09:54, 28 September 2008

.

50% REVIEW PROCESS

Project Deliveries & Objectives

Sqlibench Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

%90-%95 of the overall deliverables are finished. The two unfinished jobs we have are; creating videos of the preparing the environment (nevertheless written documentation has been produced) and writing webscarab-beanshell scripts in order to show the exploits are real (instead we have created a howto document explaining the testing methodology for other benchmarkers, including example runs of sqlmap)

Additional to the %50 review deliverables, here are other deliverables adding upto the %100 review;

1. xml benchmarking report (http://sqlibench.googlecode.com/files/sqlibench_v2.1.xml)

2. tabular pdf benchmarking report (http://sqlibench.googlecode.com/files/sqlibench_matrix_v2.pdf).

3. updated interactive web application (http://www.webguvenligi.org/sqlibench/web/index.php)

4. benchmarker life saver document (http://code.google.com/p/sqlibench/wiki/HowToBenchmark)

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

%90-%95 of the deliverables are finished with only two empty spots (creating videos of the preparing the testing environment and writing webscarab beanshell scripts in order to show the exploits are real). We've also contacted the most of the sql injectors authors and acquired nonpublished new versions of their tools.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

We'd love to hear comments on the criteria list we have produced (http://code.google.com/p/sqlibench/wiki/BenchmarkingCriteria).

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

None. All criteria seems to be fulfilled.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

None. We don't have any installer, though, which should be ok for documentation projects. Installer for the vulnerable .NET application could have been created but installation process is well-documented/easy and it's just a small part of the overall project.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

N/A. Status target of the project is Beta.

4. What kind of help is required either from the Reviewers or from the OWASP Community?

None. However, we'd love to hear comments on the criteria list we have produced (http://code.google.com/p/sqlibench/wiki/BenchmarkingCriteria).