This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C"

From OWASP
Jump to: navigation, search
 
(3 intermediate revisions by the same user not shown)
Line 15: Line 15:
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
Demo of enigform/OpenPGP authentication and secure session management proved successful.  For final we need documentation that Buanzo is working on at his wiki site published on the OWASP site.  Also, I would like to see a website and a demo of session based attacks against the site with the OpenPGP extensions (can we use OWASP testing guide examples?)
+
Demo of enigform/OpenPGP authentication and secure session management proved successful.  For final we need how-to documentation that Buanzo is working on at his wiki site published on the OWASP Enigform / mod_OpenPGP site.  Also, final review will require a website (Buanzo has one in SVN, but Dinis was interested in using WebGoat) and I'd like a demo of session based attacks against the site with the extensions (maybe we can we use OWASP testing guide examples, see [[Testing for Session Management]])
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  

Latest revision as of 02:52, 2 July 2008

Click here to return to the previous page.

50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Demo of enigform/OpenPGP authentication and secure session management proved successful. For final we need how-to documentation that Buanzo is working on at his wiki site published on the OWASP Enigform / mod_OpenPGP site. Also, final review will require a website (Buanzo has one in SVN, but Dinis was interested in using WebGoat) and I'd like a demo of session based attacks against the site with the extensions (maybe we can we use OWASP testing guide examples, see Testing for Session Management)

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

60% (I worked with Buanzo on testing Enigform and mod_openpgp for secure sessions, extensions appear to work).

3. Please do use the right hand side column to provide advice and make work suggestions.

Buanzo is a motivated security developer. Maybe he can provide development guidance after the SoC 2008 for others to learn from.