This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Project Information:template Securing WebGoat using ModSecurity - Final Review - Second Reviewer - F
Clik here to return to the previous page.
| FINAL REVIEW | ||
|---|---|---|
| PART I | ||
|
Project Deliveries & Objectives |
OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives | |
| QUESTIONS | ANSWERS | |
|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
The project deliveries & objectives have been accomplished, despite a very ambitious goal and certain knowledge gab in the start phase of the project. Stephen coped with this very well. | |
|
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
85%, which is not quite 90%. However, as long as webgoat is beta and certain important aspects of ModSecurity are considered experimental, this is already very much. I believe the developer was not aware of how dynamic Webgoat still was. And the he only discovered the need to use of experimental features in ModSecurity during the project. This used a lot of time. | |
|
3. Please do use the right hand side column to provide advice and make work suggestions. |
No further advice and suggestions needed. | |
| PART II | ||
|
Assessment Criteria |
||
| QUESTIONS | ANSWERS | |
|
1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
All criteria in terms of Alpha Quality fulfilled. | |
|
2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
It is close to this stage. More interlinking should be done though. For example a link on the webgoat page (in the category section for example) would be helpful for finding the project. | |
|
3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
does not apply (yet) | |
|
4. Please do use the right hand side column to provide advice and make work suggestions. |
||
