OWASP O2 Platform/Sub-Projects/OSSAD

OSSAD stands for One Security Static Analyzer per Developer.

Documentation

 * https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
 * https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

Copyright
The current version has been developed by Stephen Craig Evans, who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and I will release its code under Apache 2.0 (Open Source license) and the documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

Project Details
What is OSSAD?

OSSAD is a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
 * Motivation
 * Strategy
 * Architecture
 * Current progress
 * What a contributor can do to help

The project is in a nascent state and the goal is to have a working Java/JSP implementation in the first half of 2010, with other programming languages to follow.

Schedule (tasks to be completed by Monday morning)

Nov.23:
 * Fix up this page
 * Do a first pass clean up of the source code
 * Organize the source code structure
 * Upload to www.o2-ounceopen.com
 * Release a new version of the project documentation

Nov.30: SCR Phase 1 (SCR Builder)

Dec.07: Complete SCR Phase 1 (SCR Builder) for Java

Dec.14: SCR Phase 2 (SCR Composer)

Dec.21: Complete SCR Phase 2 (SCR Composer) for Java

Dec.28: JSP ASTBuilder, JSP SCR Phase 1

Jan.04: Complete JSP SCR Phase 2

After Jan.04: Convert WebGoat source code to SCR & debug

Contact

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.