This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F"
From OWASP
Bradcausey (talk | contribs) |
Bradcausey (talk | contribs) |
||
| Line 17: | Line 17: | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|All objectives are complete to my observation. Because of how modular the implementation of server headers are done, this would be easy to use in ASP.NET or any other language. We didn't use WebGoat, instead opting for Word Press. This is actually better because it allows for implementation into an application that is used in production and results can be easily replicated. All documentation is great and I have personally tested each feature successfully. |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage. | 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage. | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|100% |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
3. Please do use the right hand side column to provide advice and make work suggestions. | 3. Please do use the right hand side column to provide advice and make work suggestions. | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|Creating modules for other open source applications such as DNN and WebGoat could be future goals. |
|- | |- | ||
| style="width:25%; background:white" align="center"|'''PART II''' | | style="width:25%; background:white" align="center"|'''PART II''' | ||
| Line 40: | Line 40: | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status? | 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status? | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|Because this isn't a 'Single Component Application' it would be difficult to centrally house all code. Today, each component is housed in the appropriate location, mozdev.org, and wordpress. Also, this project addresses the core insecurity of the HTTP protocol. |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status? | 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status? | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|The client does use a GUI (FireFox addons tool and PGP). The server side cannot use a GUI because it is being installed on a web server (most of which have no GUI for security reasons). The server side installation is comparable to other web security addons, and offers much more protection by comparison. |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status? | 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status? | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"| N/A |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
4. Please do use the right hand side column to provide advice and make work suggestions. | 4. Please do use the right hand side column to provide advice and make work suggestions. | ||
| − | | colspan="2" style="width:75%; background:#cccccc" align="left"| | + | | colspan="2" style="width:75%; background:#cccccc" align="left"|See previous suggestions. |
|} | |} | ||
Latest revision as of 02:58, 16 March 2009
Clik here to return to the previous page.
| FINAL REVIEW | ||
|---|---|---|
| PART I | ||
|
Project Deliveries & Objectives |
OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives | |
| QUESTIONS | ANSWERS | |
|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
All objectives are complete to my observation. Because of how modular the implementation of server headers are done, this would be easy to use in ASP.NET or any other language. We didn't use WebGoat, instead opting for Word Press. This is actually better because it allows for implementation into an application that is used in production and results can be easily replicated. All documentation is great and I have personally tested each feature successfully. | |
|
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
100% | |
|
3. Please do use the right hand side column to provide advice and make work suggestions. |
Creating modules for other open source applications such as DNN and WebGoat could be future goals. | |
| PART II | ||
|
Assessment Criteria |
||
| QUESTIONS | ANSWERS | |
|
1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
Because this isn't a 'Single Component Application' it would be difficult to centrally house all code. Today, each component is housed in the appropriate location, mozdev.org, and wordpress. Also, this project addresses the core insecurity of the HTTP protocol. | |
|
2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
The client does use a GUI (FireFox addons tool and PGP). The server side cannot use a GUI because it is being installed on a web server (most of which have no GUI for security reasons). The server side installation is comparable to other web security addons, and offers much more protection by comparison. | |
|
3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
N/A | |
|
4. Please do use the right hand side column to provide advice and make work suggestions. |
See previous suggestions. | |
