Current Status: Scrubbing code and improving documentation.
The project aims to enhance the Secure Code Review module by:
• Developing additional security reviews in the secure code review module.
• Developing parse-based routines to find vulnerable usage of functions in a module's source code.
• Developing a Taint Injection module to inject data into input fields.
• Displaying security review results
Tasks before May 21, 2012:
Conduct research on security vulnerabilities, their prevention measures, and secure coding techniques.
Study and understand the existing Secure Code Review code.
Plan, design, and prototype the enhancements to Secure Code Review.
Tasks before June 5, 2012:
Prepare sample modules with code vulnerabilities, and understand how the functions in these modules are used in a vulnerable way and how this affects the website.
Prepare a database of different inputs (data) to be injected into input fields to exploit the vulnerabilities in the sample modules.
Tasks before June 25, 2012:
Develop additional security review routines to locate vulnerabilities in the sample modules.
Develop parse-based routines to predict the vulnerabilities in the sample modules:
These routines will be developed separately from the security review routines. They discover vulnerable usage of functions in the sample modules and predict the inputs to be fed into the input fields to exploit the vulnerability.
Tasks before July 5, 2012:
Integrate the security review routines with the parse-based routines:
Preparing inputs with the parse-based routines every time is very cumbersome, so it is better to use them only where the security review routines encounter a novel code snippet and cannot determine whether it is secure. The Secure Code Review module will therefore review the code first with the security review routines and, if that is unsuccessful, review it with the parse-based routines.
Tasks before Jul 20, 2012:
Prepare the Taint Injection module.
Tasks before Jul 30, 2012:
Integrate the Secure Code Review module with the Taint Injection module:
The Taint Injection module will use the results from the parse-based routines and check for vulnerabilities.
Tasks before Aug 10, 2012:
Develop and implement a user interface to display security review results.
Tasks before Aug 20, 2012:
Scrub code, write tests and improve documentation.