mini-project

Moderator: Secure Software Development

lbenothmane
Erstie
Erstie
Beiträge: 11
Registriert: 23. Nov 2015 11:11

mini-project

Beitrag von lbenothmane » 26. Nov 2015 16:30

Many students were asking about help in the selection of open sources software to work on for the project.

The goal is that you make your own choice. However, you may, for example, check e-commerce software. See examples from:
https://en.wikipedia.org/wiki/Compariso ... frameworks

You may focus, in your work, on only a set of modules of the software you choose. Your should specify the information in your project proposal, though.

uhweh
Neuling
Neuling
Beiträge: 10
Registriert: 16. Okt 2013 13:51

Re: mini-project

Beitrag von uhweh » 1. Dez 2015 22:01

I'm also having trouble selecting an open source project for analysis. Since I have never done a security analysis before, I don't know how big (e.g. lines of code, number of features) the source needs to be to fit the exercise's scope. I'm afraid to either select a project that is too small to find relevant issues or too big or complex to analyse completely.

Could you please give me some hints about the size of a suitable open source project (e.g. lines of code or a specific set of modules from the mentioned list)? Thank you.

lbenothmane
Erstie
Erstie
Beiträge: 11
Registriert: 23. Nov 2015 11:11

Re: mini-project

Beitrag von lbenothmane » 4. Dez 2015 11:27

Hello,

The size of the software is not an indicator. You will do a threat modeling of the software you select, run a testing/analysis tool, and analyse manually the findings. You are not going to analyze all the source code of the software manually in the context of the project--it takes long time to do so. As a rule of thumb this is should be around few hundreds of line of code for each team member. I evaluate the proposals and would let you know if the project is too big or too small.

Best,
Lotfi

Antworten

Zurück zu „Secure Software Development (SecDev)“