Category:OWASP Orizon Project

Overview
The quest for secure code is what all developers want (I hope so) to achieve. Software must be reliable. Software must be strong. Software must be secure.

How much my software has to be secure? The correct answer is hard to find. But security is a problem that even a development team must take care for. Must be a skilled developer also a security guru? Don't know, not necessarly. But it's important that someone give him the tools to merge security know how to his development skills, and so our quest for secure code starts...

Orizon borns with the aim to provide a common ground to safe coding and code review methodologies applied to software. By now Orizon is still a bunch of ideas and few lines of code. In a year I hope Orizon will be the common engine in which security code review related tools are built upon

Orizon must give thanks di LAPSE Project (that you may find between OWASP Projects) RATS, Flowfinder for ideas and inspiration.

Orizon page at sourceforge is this.

Download
By now all the code is in subversion repository hosted at sourceforge.net. A first internal architecture document is available at sourceforge.net for download. This is the first document I'm reviewing by now (thanks to Zeb and Prashant for the feedbacks). Check it out and send me a note about your opinion... my english grammar is bad so a english language review is still apriciated. Orizon Internals draft

Future Development
This is the first project RoadMap Oct 2006 - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof of Concept introducing Orizon.

30th Nov 2006 - Orizon design phase. Before start coding like a rolling stone, a good design phase must be completed. Documents to be released in this phase are:
 * "orizon architecture": this document will explain how Orizon has to be built, the modules and how they interact
 * "writing orizon test": this document will explain how to write an XML document describing a security check and how integrate it in Orizon
 * "orizon coding guideline": this document draw some basics about coding standard to be used inside the project

31th Dec 2006, v0.30 - Orizon framework must be completed by the 30% of the features claimed in the aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner class, just few methods).

14th Feb 2007 v0.50 - Orizon framework must be completed by the half of the features claimed in the design phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source.

May 2007 v0.75 - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C# languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary code review security tool

Jul 2007 v0.90 - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will be a freeze in API subversion trunk. C language support must be completed.

Oct 2007 v1.00 - First major release: support for C# and ASP must be completed. Orizon must be fully usable for writing security tools supporting Java, C, C# and ASP languages natively. Starting by now Orizon supported languages will grown up as well the security tests implemented.

News
Design phase finished In my Moleskine, release 1 of Orizon Architecture documentation has been completed. In few days an electronic version of the document will be available in english language. Design phase has begun I started working on documentation. Please consider joining orizon mailing list and contributing to project. OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006 I will talk to SMAU eAcademy2006 next saturday 7th October 2006 about code review and safe coding. Here you can find more informations in italian only by now. Last part of the speech will be about introducing Orizon project, giving development roadmap

'''OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Orizon Project!

Feedback and Participation:
Orizon wants you Of course, as opensource project, anyone is welcome tho join Orizon, and please do it. If you are a C#, Java or ASP skilled developer and you want to share your experience with such languages feel free to use mailing list to contribute in Orizon supported languages.

If you are a Java skilled developer why don't you think about writing some bunch of codes for Orizon?

If you write quite well or, it's not so difficult, better than me, please think about joining the project for documentation, advertising, blog maintenance ...

We hope you find the OWASP Orizon Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Orizon Project mailing list or view the archives, please visit the subscription page.

Project Contributors
--thesp0nge 09:47, 2 October 2006 (EDT)