This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Project Information:template Securing WebGoat using ModSecurity - Final Review - First Reviewer - D

From OWASP
Jump to: navigation, search

Clik here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

The objectives of the project have been accomplished. This is a research project and the scope of the problem was largely unknown at the beginning.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

85% out of 90%.

3. Please do use the right hand side column to provide advice and make work suggestions.

The use of Lua scripting is very interesting, but the dynamic evaluation of externally-supplied data is extremely dangerous. This project demonstrates one approach that mustn't be taken in production (which is acceptable, considering the research nature of the project).
PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

Yes.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

Yes.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

Not applicable.

4. Please do use the right hand side column to provide advice and make work suggestions.