[Owasp-board] Fwd: Project Status Report

johanna curiel curiel johanna.curiel at owasp.org
Tue Nov 24 00:40:30 UTC 2015


FYI
---------- Forwarded message ----------
From: Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
Date: Mon, Jul 28, 2014 at 5:47 AM
Subject: Re: Project Status Report
To: johanna curiel curiel <johanna.curiel at owasp.org>


Hi Johanna,


Here is a real Secure Code Analysis done by a professional tool called CheckMarx
using the OWASP TOP 10 2013 profile.
Attached also is the version 3.1 of CSRFGuard.

I will review all findings one by one and I will correct the code according
to the CERT Oracle Java Secure Coding standard 1.0 if needed.

I will send an email this week to all mailing lists to ask all CSRFGuard
users to move to the new repository, not the old one.


According to the project abstract here is what I will do:

- This week: I will ask Sheridan to remove the old one or to indicate that
it is an old version.
- End of August: I will create a wiki to manage CSRFGuard issues.
For this I need clear help from OWASP: wiki location, whether I need
assistance, etc.?

Thanks.
Azzeddine


On Sat, Jul 26, 2014 at 10:02 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Please, send me your finding so we can update the info
>
> cheers
>
> Johanna
>
>
> On Fri, Jul 25, 2014 at 10:05 PM, Azzeddine Ramrami <
> azzeddine.ramrami at owasp.org> wrote:
>
>> Hi,
>> I didn't agree with this finding. It is a false positive.
>> I will check the code again and confirm my proposal or your finding.
>> Thanks.
>> Azzeddine
>>
>>
>> On Fri, Jul 25, 2014 at 5:19 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Azzeddine
>>>
>>> Here it is. Please, I would only be concerned with the High Severity issues such
>>> as CWE-476
>>> You can use the SWAMP and check these issues if you would like to use
>>> this tool for free
>>>
>>> regards
>>>
>>> Johanna
>>>
>>>
>>> On Fri, Jul 25, 2014 at 5:25 AM, Azzeddine Ramrami <
>>> azzeddine.ramrami at owasp.org> wrote:
>>>
>>>> Hi Kait,
>>>>
>>>> Thank you.
>>>> Is it possible to send me the complete security report generated by
>>>> CodeDX?
>>>> Regards,
>>>> Azzeddine
>>>>
>>>>
>>>> On Fri, Jul 25, 2014 at 4:25 AM, Kait Disney-Leugers <
>>>> kait.disney.leugers at owasp.org> wrote:
>>>>
>>>>> Dear Azzeddine,
>>>>>
>>>>> I have included the results of your project's review that Johanna
>>>>> conducted. Take a look at the review and if you have any comments to add or
>>>>> if we have missed something, please let us know. We are giving you one week
>>>>> to add any comments, and after that deadline, the report will become
>>>>> official.
>>>>>
>>>>> Feel free to reach out to Johanna with your comments, and please cc
>>>>> the Projects Task Force.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Kait Disney-Leugers
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Azzeddine RAMRAMI
>>>> +33 6 65 48 90 04.
>>>> Enterprise Security Architect
>>>> OWASP Leader (Morocco Chapter)
>>>> Mozilla Security Projects Mentor
>>>>
>>>
>>>
>>
>>
>> --
>> Azzeddine RAMRAMI
>> +33 6 65 48 90 04.
>> Enterprise Security Architect
>> OWASP Leader (Morocco Chapter)
>> Mozilla Security Projects Mentor
>>
>
>


-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 214797 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151123/9cee53bc/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CSRFGuard-3.1.pdf
Type: application/pdf
Size: 508584 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151123/9cee53bc/attachment-0001.pdf>

