[Owasp-board] forensic analysis project

Paulo Coimbra paulo.coimbra at owasp.org
Thu Mar 5 17:08:25 UTC 2009


Hello Evgueni,

It's a pleasure to meet you. Thank you for presenting your idea to lead an
OWASP Project.

Regarding the question in which you have asked whether your proposal could
be part of OWASP Projects, I would immediately say yes, as we generically
welcome all the initiatives that, being open source, improve app security.
However, both the OWASP Board and the OWASP Projects Committee may have a
couple of recommendations and/or suggestions and I am carbon copying them so
as to create the opportunity to have the issue discussed.

Nevertheless, as I believe we will eventually reach a phase in which an
agreement about the good path to be followed is reached, so as to set up the
project page, I ask you to be kind enough to send me the following
information:

1. Project Name,
2. Short Project Description,
3. Main link(s) – if any,
4. Related project(s) – if any,
5. Detailed roadmap for future developments,
6. License – see here <http://www.owasp.org/index.php/OWASP_Licenses>,
7. Sponsor(s) – if any,
8. Project Leader*,
9. Project Contributors* – if any,
10. First Reviewer*,
11. Second Reviewer*,

Meanwhile, for your reference, please read the OWASP
<https://www.owasp.org/index.php/Category:OWASP_Project_Assessment>
Assessment Criteria and take a look at an example of an OWASP
<https://www.owasp.org/index.php/Project_Information:template_Code_Review_Project>
Project skeleton/main frame.

Please take into account that, as a result of what is established in the
above-referred Assessment Criteria, if possible, the project's lead should
suggest two Project Reviewers and at least one of them should be an OWASP
Project or Chapter Leader. However, if you find it impossible to track them
down, please let me know and I will try and help.

* For Project Leader, Contributors and Reviewers please create a wiki
account <https://www.owasp.org/index.php/Special:Userlogin> and send me
the link. See here <https://www.owasp.org/index.php/Tutorial> how to do it
and here <https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project>
and here <https://www.owasp.org/index.php/User:Mtesauro> an example of how
it will be used.

Should you have any further questions, please do not hesitate to get back
to me.

Many thanks, best regards,

Paulo Coimbra,
OWASP <https://www.owasp.org/index.php/Main_Page> Project Manager

From: Evgueni Tchijevski [mailto:evgueni.t at gmail.com]
Sent: Thursday, 5 March 2009 14:02
To: paulo.coimbra at owasp.org
Subject: forensic analysis project

Hello Paulo,

I would like to propose an OWASP project in a forensic field.

I'm writing a tool for Apache server log analysis based on anomaly
detection.

It is supposed to be used after a security incident in which a web
application is involved.

I'm writing this tool because searching for a single line of an attack among
MBs of log could be a very annoying task to perform; thus, instead of
searching through thousands of log entries, it will provide only those that
are really relevant for the analysis.
Results will be sorted according to the anomaly percentage of the request,
which is calculated following some statistical methods.
For instance, if a certain parameter is supposed to be only numeric (0-9), a
request where this certain parameter is "' union all.... etc" will be
classified as an anomaly.

I am aware that this approach has some limitations; for example, POST
requests are not logged in standard logs.
BTW this tool could help in analyzing incidents, speeding up this task. For
any further details, please don't hesitate to contact me.

Could this project be a part of OWASP projects?

Thanks 

Bye
Evgueni
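
An added illustration of the approach described in the message above, not code from the proposed tool: it profiles the character classes of each query parameter across an Apache access log and ranks requests by how rare their parameter shape is. The log lines, the scoring formula (share of observations of the same parameter that have a different character-class signature) and all function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Apache common log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2009:10:00:01 +0000] "GET /item.php?id=12 HTTP/1.1" 200 512
10.0.0.6 - - [05/Mar/2009:10:00:07 +0000] "GET /item.php?id=7 HTTP/1.1" 200 498
10.0.0.5 - - [05/Mar/2009:10:01:13 +0000] "GET /item.php?id=431 HTTP/1.1" 200 530
10.0.0.9 - - [05/Mar/2009:10:02:40 +0000] "GET /item.php?id=1%27%20union%20all%20select%201 HTTP/1.1" 200 9120
10.0.0.7 - - [05/Mar/2009:10:03:02 +0000] "GET /item.php?id=88 HTTP/1.1" 200 505
"""

# Only GET/HEAD query strings are visible; POST bodies are not in standard logs.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def signature(value):
    """Reduce a value to the set of character classes it contains."""
    return frozenset(
        "digit" if c.isdigit() else "alpha" if c.isalpha()
        else "space" if c.isspace() else "symbol" for c in value)

def parse(log_text):
    """Yield (raw_line, path, [(param, value), ...]) for each GET/HEAD entry."""
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            url = urlsplit(m.group(1))
            yield line, url.path, parse_qsl(url.query, keep_blank_values=True)

def rank_anomalies(log_text):
    """Return [(anomaly_percent, raw_line)] sorted most anomalous first."""
    entries = list(parse(log_text))
    profile = defaultdict(Counter)  # (path, param) -> signature counts
    for _, path, params in entries:
        for name, value in params:
            profile[(path, name)][signature(value)] += 1
    ranked = []
    for line, path, params in entries:
        score = 0.0  # a request is as anomalous as its rarest parameter
        for name, value in params:
            seen = profile[(path, name)]
            score = max(score, 1 - seen[signature(value)] / sum(seen.values()))
        ranked.append((round(score * 100, 1), line))
    return sorted(ranked, key=lambda r: r[0], reverse=True)

if __name__ == "__main__":
    for pct, line in rank_anomalies(SAMPLE_LOG):
        print(f"{pct:5.1f}%  {line}")
```

Because the profile is built from the same log that is being examined, the score is only meaningful when malicious requests are a small minority of the traffic for a given parameter.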
