
Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - First Reviewer - C


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Application Security Tool Benchmarking Environment and Site Generator refresh Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that haven't been realised.

I'm unsure what the OWASP Application Security Tool Benchmarking Environment refers to, and was unable to assess its completeness. The project application does not provide specifics for the Application Security Tool Benchmarking Environment.

Regarding the Site Generator UI refresh and componentization, the UI has been improved and there is a separation of code into components. I was able to download and install the application and generate sites.

2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.

From my observation, and with no real quantification of the project requirements, the Site Generator refresh is at 50%.

3. Please do use the right hand side column to provide advice and make work suggestions.

The following are notes that I have for the project:
  1. Help link is needed (for both v1 and v2). A concise how-to would be helpful. I reviewed the User Guide NG; maybe have a help item in the toolbar that opens that up (for a start).
  2. Maximized, the application doesn't stretch well. You probably should disable maximization.
  3. What is the www.adrianTNT.com url link in the web directory of the generated site?
  4. How is the database installed for SQL injection vulns? Right now I'm getting an error that login for 'webuser' does not exist. I don't see any added databases.
  5. Are dependencies for SiteGen checked on install? If a user does not have .NET 2.0, is there a dep check?
  6. The web output looks dated. I don't like the flash menu and the web layout can be better.
  7. There are vulns in Site Generator 1 that are not in the update (e.g. HiddenFormField, IntegerOverflow, PoorEncryption, etc.). Have they been consolidated or removed? If so, was there a justification?
  8. Is there a guide on adding my own vulnerabilities to the Site Generator templates?
  9. Is it possible to add templates for other languages?