AntiSamy (Java) Project - Assessement check list
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
Still loading...
ABCDE
1
2
OWASP AntiSamy (Java) Project
3
4
ASSESSEMENT CHECK LIST
5
6
CRITERIAACCOMPLISHED
yes/no
LINK
If possible, point out the link
7
8
RELEASE QUALITY DOCUMENTATION
9
All Beta Quality Requirements plus:
10
Be reasonably easy to use yesESAPI uses it - only takes a dozen lines of code
11
Include online documention built into tool (based on required user documentation) yes
12
Include build scripts that facilitate building the application from source (Goal: One-click build) yes
13
Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge) yeshttp://code.google.com/p/owaspantisamy/issues/list
14
Be run through Fortify Software's open source review (if appropriate) and FindBugs. yeshttps://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project#OWASP_Projects_Scanned
15
C/C++ apps (if we have any) should consider being run through Coverity's open source review. Coverity also accepts submissions for open source Java applications. yes
16
When approved to be Release Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Release Quality. yes
17
Recommendations:
18
Conference style Powerpoint presentation that describes the use and status of the tool. (This could be used by others to discuss the tool at OWASP Chapter meetings, serve as easy to review offline documentation, etc.) yeshttp://code.google.com/p/owaspantisamy/downloads/list
19
UAT pass on functionality of the tool yesESAPI has test cases
20
Developer documents any limitations yes/not surehttp://code.google.com/p/owaspantisamy/downloads/list
21
Requirement: 2 Reviewers + 1 OWASP Board Member. yesJeff Williams
22
23
BETA QUALITY DOCUMENTATION
24
All Alpha Quality Requirements plus:
25
26
Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) yeshttp://code.google.com/p/owaspantisamy/downloads/list
27
Include user documentation in Project's OWASP Wiki page(s) yeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#How_do_I_get_started.3F
28
Add a common About Box or help menu in the tool itself (which lists name of tool, author, e-mail address of author, current version number and/or release date) yes (not really appropriate for a library)
29
Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality) yeshttp://code.google.com/p/owaspantisamy/downloads/list
30
This documentation must stored be in the same repository as the code. yeshttp://code.google.com/p/owaspantisamy/downloads/list
31
When approved to be Beta Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Beta. n/a
32
Requirement: 2 Reviewers. yes
33
34
ALPHA QUALITY DOCUMENTATION
35
Agree to OWASP's open source licenseyeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#What_is_it.3F
36
The “main” page for any OWASP tool must be on the OWASP website. This page must:
37
describe the tool, the project leader, contact info, and include all relevant links, including a download link for the code and the executable version, yeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
38
includes a roadmap/guideline pointing out the steps to achieve the purpose of project. yeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Project_roadmap
39
include the Alpha Quality Tool project tag. (Which we still need to define), n/a
40
be placed at OWASP Project page. yeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
41
Have its code and any documentation in Googlecode, or Sourceforge. yeshttp://code.google.com/p/owaspantisamy/
42
Mailing list for project created. yeshttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#OWASP_AntiSamy_mailing_list
43
Solves a core application security need. yes
44
Requirement: 1 Reviewer. yesAntiSamy was a Summor of Code project originally
45
Loading...
 
 
 
Sheet1
Sheet2
Sheet3