This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Project Information:template Access Control Rules Tester Project - Final Review - Second Reviewer - F
Clik here to return to the previous page.
| FINAL REVIEW | ||
|---|---|---|
| PART I | ||
|
Project Deliveries & Objectives |
OWASP Access Control Rules Tester Project's Deliveries & Objectives | |
| QUESTIONS | ANSWERS | |
|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
The project objectives are met. In terms of deliveries, the document and the tool are implemented, however, the tool doesn't have the Site Spider functionality, indeed it depends on third-party spider packages. | |
|
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
1. Research technical report: 100% done 2. Access Control Rules Tester (AcCoRuTe) tool: 100% done. Although the Site Spider is a third-party tool instead of a built-in package, it doesn't affect the functionalities of the testing tool. | |
|
3. Please do use the right hand side column to provide advice and make work suggestions. |
1. Improving the abilities to detect access control violation in Applets and Web Services 2. Compatible with XACML 3. Better handling in role delegation, right now it's hard to test delegation 4. Providing an approach to integrate the tool into the early stage in software development life cycle | |
| PART II | ||
|
Assessment Criteria |
||
| QUESTIONS | ANSWERS | |
|
1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
None | |
|
2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
The "About box" has been implemented, however, since this is a command line based tool, the messages in the "About box" has been added to the README file | |
|
3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
N/A | |
|
4. Please do use the right hand side column to provide advice and make work suggestions. |
The tool may provide a "-help" command line option to display name of tool, author, e-mail address of author, current version number and/or release date | |
