This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template WSFuzzer Project - First Review - Self Evaluation - A"

From OWASP
Jump to: navigation, search
(New page: Click here to return to the previous page. {| style="width:100%" border="0" align="center" ! colspan="3" align="center" style="backgroun...)
 
 
(9 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
  ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''50% REVIEW PROCESS'''  
+
  ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''FINAL REVIEW'''
 +
|-
 +
| style="width:25%; background:white" align="center"|'''PART I'''  
 +
| colspan="2" style="width:75%; background:white" align="left"|
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
Project Deliveries & Objectives   
 
Project Deliveries & Objectives   
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#XXXXXXXXXXXXXXXXX|XXXXXXXXXXXXXXXXX Project's Deliveries & Objectives]]
+
[[:Category:OWASP WSFuzzer Project#Goals|OWASP WSFuzzer Project's Goals]]
 
  |-
 
  |-
  | style="width:25x%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS'''  
+
  | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS'''  
 
  | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS'''   
 
  | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS'''   
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#XXXXXXXXXXXXXXXXX|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
+
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[:Category:OWASP WSFuzzer Project#Goals|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
+
  | colspan="2" style="width:75%; background:#cccccc" align="left"|Based on field feedback WSFuzzer is an active part of a web application pen testers toolkit. Hence in that respect the main objective of the software has been realized. Moreover from a functional perspective WSFuzzer does effectively automate the SOAP fuzzing process. The area of non-realization for WSFuzzer would be in the integration with other toolsets, or making the WSFuzzer functionality available to other tools.
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="center"|
 +
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[:Category:OWASP WSFuzzer Project#Goals|'''the assumed ones''']], please quantify in terms of percentage.
 +
| colspan="2" style="width:75%; background:#cccccc" align="left"|Automating SOAP Fuzzing - 100%<br>Becoming part of a pen testers toolkit - 100%<br>Integration with other tools - 0%
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="center"|
 +
3. What kind of help is required either from the Reviewers or from the OWASP Community?
 +
| colspan="2" style="width:75%; background:#cccccc" align="left"|Feedback from the community would be great. We get feedback from the field but not it is not OWASP centric. Technical help is ultimately what is necessary, coding and testing in particular to make WSFuzzer the best it can be.
 +
|-
 +
| style="width:25%; background:white" align="center"|'''PART II'''
 +
| colspan="2" style="width:75%; background:white" align="left"|
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
+
Assessment Criteria
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#XXXXXXXXXXXXXXXXX|'''the assumed ones''']], please quantify in terms of percentage.
 
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
[[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]
 +
|-
 +
| style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS'''
 +
| colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' 
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="center"|
 +
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
 +
| colspan="2" style="width:75%; background:#cccccc" align="left"|WSFuzzer is now changed over to use the LGPL License.<br>The "Alpha Quality Tool project tag" is missing, this project was initiated as Beta within OWASP.
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="center"|
 +
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 +
| colspan="2" style="width:75%; background:#cccccc" align="left"|WSFuzzer does not have a "common About Box or help menu" since it does not have a GUI.<br>There is no build instruction neither because it is written in a scripting language, there is no compilation process.<br>I have no reviewers for the project.
 
  |-  
 
  |-  
  |-
+
| style="width:25%; background:#7B8ABD" align="center"|
 +
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 +
| colspan="2" style="width:75%; background:#cccccc" align="left"|Fortify and Findbugs are Java centric, WSFuzzer is written in Python.<br>I don't have any Powerpoint presentations for WSFuzzer.<br>
 +
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
3. What kind of help is required either from the Reviewers or from the OWASP Community?
+
4. What kind of help is required either from the Reviewers or from the OWASP Community?
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
+
  | colspan="2" style="width:75%; background:#cccccc" align="left"|The project now has 1 reviewer so getting a second to fulfill this type of requirement is a real need.
 
|}
 
|}

Latest revision as of 03:32, 3 August 2008

Click here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP WSFuzzer Project's Goals

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Based on field feedback WSFuzzer is an active part of a web application pen testers toolkit. Hence in that respect the main objective of the software has been realized. Moreover from a functional perspective WSFuzzer does effectively automate the SOAP fuzzing process. The area of non-realization for WSFuzzer would be in the integration with other toolsets, or making the WSFuzzer functionality available to other tools.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

Automating SOAP Fuzzing - 100%
Becoming part of a pen testers toolkit - 100%
Integration with other tools - 0%

3. What kind of help is required either from the Reviewers or from the OWASP Community?

Feedback from the community would be great. We get feedback from the field but not it is not OWASP centric. Technical help is ultimately what is necessary, coding and testing in particular to make WSFuzzer the best it can be.
PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

WSFuzzer is now changed over to use the LGPL License.
The "Alpha Quality Tool project tag" is missing, this project was initiated as Beta within OWASP.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

WSFuzzer does not have a "common About Box or help menu" since it does not have a GUI.
There is no build instruction neither because it is written in a scripting language, there is no compilation process.
I have no reviewers for the project.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

Fortify and Findbugs are Java centric, WSFuzzer is written in Python.
I don't have any Powerpoint presentations for WSFuzzer.

4. What kind of help is required either from the Reviewers or from the OWASP Community?

The project now has 1 reviewer so getting a second to fulfill this type of requirement is a real need.