Project Information:template AppSensor Project - 50 Review - First Reviewer - C

Project Deliveries & Objectives

OWASP AppSensor Project's Deliveries & Objectives

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

The goals for the 50% deliverable include: High level planning & design: Complete Identify and define attack patterns against applications: This has been integrated as examples for each of the detection points. Document points of detection within the application for the attack patterns & identify key information to log: 40 Detection points have been documented and categorized by exception type. A description and attack example has been provided for each along with any limitations for the specific detection item. Each of these objectives have been met. The documentation will be updated per reviewer comments.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

Objectives for Phase 1:

• High Level Planning 100%
• Attack Patterns 100%
• Detection Points 100%

3. Please do use the right hand side column to provide advice and make work suggestions.

• The biggest issue I had was the general look and feel – wanted to make the document more visually appealing. (Eric did a great job reworking the document format -MC)
• Make sure you run spell and grammar check. Found a number of small issues, fixed most.
• Based on prior discussions, this was supposed to incorporate ESAPI. Are you still planning on this?
• I'd like to see some implementation guidance for some key technologies (i.e. J2EE and .NET). I'm thinking "this control can be a J2EE filter utilizing ESAPI method N".
• Document seems unclear if AppSensor is purely guidance for an implementation or the requirements of an implementation yet to come.