Project Information:template AppSensor Project - Final Review - First Reviewer - D
| FINAL REVIEW | |
|---|---|
| PART I | |
| Project Deliveries & Objectives | |
| QUESTIONS | ANSWERS |
| 1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised. | Beta Status Reached - All planned activities completed |
| 2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage. | Beta Status Reached - All planned activities completed |
| 3. Please use the right-hand side column to provide advice and make work suggestions. | "The concept of the AppSensor is to detect malicious activity within an application before a user is able to identify and exploit a vulnerability. This objective is possible because many vulnerabilities will only be discovered as a result of trial and error by the attacker." For clarity, the introduction needs to standardize on some terms to carry through the remainder of the document. Specifically, you need a way to differentiate an innocent application user from a malicious application user. In the response section, you start to discuss the possible causes of an alert: unintentional, suspicious, malicious. You then have a bulleted list that uses slightly different terminology, but seems to indicate all cases are malicious. This needs clarification. "Malicious Intent Possible User Error Possible Attack Clear Malicious Activity" Maybe instead of saying "malicious activity", call it "detected activity", then go on to discuss how it will be classified as malicious or not. |
| PART II | |
| Assessment Criteria | |
| QUESTIONS | ANSWERS |
| 1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Alpha Quality status? | NA |
| 2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Beta Quality status? | Beta Status has been reached. |
| 3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Release Quality status? | NA |
| 4. Please use the right-hand side column to provide advice and make work suggestions. | None |