|Join hundreds of other Developers and InfoSec professionals for Training, Sessions and Community at our first conference of 2019|
[AppSec Tel Aviv, May 26-30th]
SpoC 007 - Orizon Project - Progress Page
15th February 2008 - New version of OWASP ORIZON FRAMEWORK TOOL with the source code crawling APIs available for Java and CSharp.
3rd November 2007 - Orizon version 0.50 is the final deliverable for Spoc 2007. I did not reach all the goals I draw for my self back when Spoc started. After all, I'm really happy seeing the final project status. If I had more support from community may be things would go in a better way... however.
15th October 2007 - Official roadmap is located here. Please refer to this page for project milestones. I deleted support for C language to milestones because more effort I'm spending to make dawn quite usable. I think having dawn 50% working is more valuable than having partial C language support.
11st October 2007 - Dawn engine is now operative. It creates helper applications from Java methods, it compiles them, it runs them and collecting their output it scans it for XSS attack pattern to appear. Further improvement will follow asap :)
22nd August 2007 - Orizon release 0.40 is available at sourceforge site. This is an important milestone in the development process. Safe coding recipes APIs are working and the class handling source code being reviewed is now capable of applying a check over the source code xml representation. In fact, static code review is possible by now.
13th July 2007 - The project status as Spoc 2007 start is summarized in the following:
- java sources are translated into XML using JDK6 APIs;
- Orizon classes are in a refactoring stage in order to reflect a better approach in design phase;
- library containing checks is now a Zip file instead of a plain XML file. The library file will contain "receipts", XML files containing security checks grouped by category.
What is missing by now is some checks. I'm looking the web in order to collect "coding best practices" and trying to formalize them in XML.
|OR-1||Collecting safe coding best practices||High||No|
|OR-2||Creating APIs for XML reports||Low||No|
|OR-3||Creating code to handle dynamic test cases generation||Medium||No|
SpoC 2007 Goals
|Dynamic analysis - codename: dawn||50%|
|Creating a library with 30 checks included||66,67% (20 tests out of 30)|
|Capability to export results in XML with customizable CSS||10%|