
Project Information:template AppSensor Project - Final Review - Second Reviewer - F

From OWASP
Revision as of 18:00, 1 November 2008 by MichaelCoates (talk | contribs)



FINAL REVIEW
PART I

Project Deliverables & Objectives

OWASP AppSensor Project's Deliverables & Objectives

QUESTIONS / ANSWERS

1. To what extent have the project deliverables and objectives been accomplished? Taking the originally assumed ones into consideration, please give examples by writing down those that have not been realised.

Beta Status Reached - All planned activities completed

2. To what extent have the project deliverables and objectives been accomplished? Taking the originally assumed ones into consideration, please quantify this as a percentage.

Beta Status Reached - All planned activities completed

3. Please use the right-hand column to provide advice and suggestions for further work.

AppSensor is a strategy to implement intrusion detection. However, the introduction seems unclear on this point. I would add a line along the lines of "AppSensor offers prescriptive guidance to implement intrusion detection capabilities into applications through the use of standard security controls."

An illustration of your architecture would be powerful.

You assigned a weight/point scale to exception types. I'd elaborate more on how you arrived at those values and discuss the ability to tailor those numbers within organizations. For many places, those numbers may need to be modified. How do you recommend they do this?

I'd really like to see a case study whereby the AppSensor concepts are implemented using ESAPI and WebGoat. Obviously this is a lot of work to implement, so a high-level document overview describing the process would prove useful.

The document seems to end abruptly. I'd consider adding some conclusion content discussing "Next Steps": what should developers, architects and managers do with this guidance? How can they best integrate this into their application architectures?

At a high level, I believe you've achieved your goals as documented in the original SoC 2008 proposal. I think addressing some of the ideas outlined above would add significant value to your deliverable.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS / ANSWERS

1. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, have not been fulfilled in terms of Alpha Quality status?

NA

2. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, have not been fulfilled in terms of Beta Quality status?

Beta Status Reached

3. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, have not been fulfilled in terms of Release Quality status?

NA

4. Please use the right-hand column to provide advice and suggestions for further work.

None