[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Current WAS XML Schemas
Hi, OK back from the dead ;-) I am attaching what I have as the latest schema we developed before Christmas and wanted to send a basic summary of where I think we are so that others can start thinking and even working on updates before the next meeting. We agreed to spilt the WAS Schema into four main sections Meta-Data Profile Test Protect The Meta-Data and Profile will be developed by the WAS Core Group The Test will be developed by the WAS Test Group The Protect will be developed by the WAS Protect group The schema attached to this mail is a first draft of WAS Meta-Data and Profile. The deliverables for this section will be 1. Documented Schema 2. Thesaurus / Dictionary of Terms 3. Risk Ranking Model 4. Developers Guide to WAS 5. Managers Guide to WAS This group will also work with OWASP to enhance the current VulnXML database to accept and managed WAS signatures. OWASP's VulnXML was being considered as the basis WAS Test. This is currently in DTD format. The WAS Test group can decide whether to enhance the DTD or convert to schema at this stage or later. It was generally agreed that some enhancements to functionality would be desirable but no conclusions as to what they are or how they would manifest were made. The deliverables for this group are 1. Documented Schema 2. Reference Implementation of a WAS Execution engine in Java. No work has yet been done on the protect element. The deliverables will be 1. Documented Schema 2. Reference implementation (mod_security and CodeSeeker) Notes: 1. We have set provisional dates of August to deliver all of the above 2. We can define WAS 1.0 and WAS 2.0 in order to manage scope ! 3. The next meeting we will formalize who is working in each group. So far Mark Curphey will run Core, Ivan Ristic Protect and TBC Ingo Struck Test. 4. We will meet monthly but use the mailing list as much as possible. I think that's it. Look forward to getting this kicked off again on Feb 9th and working with you all again. Mark Mark Curphey Consulting Director Foundstone, Inc. Strategic Security 949.297.5600 x2070 Tel 781.738.0857 Cell 949.297.5575 Fax http://www.foundstone.com This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message. Thank you.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]