Difference between revisions of "Category:OWASP Orizon Project"

From OWASP
Jump to: navigation, search
 
(31 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{:Project Information:template Orizon Project}}
+
=Main=
[[Category:OWASP Project]]
+
{|
[[Category:OWASP Tool]]
+
|-
[[Category:OWASP Download]]
+
! width="700" align="center" | <br>
[[Category:OWASP Beta Quality Tool]]
+
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]  
 +
| align="right" |
  
{{ ProjectTabs |
+
|}
Proj_About =
 
  
The quest for secure code is what all developers want to achieve (at least we hope so). Software must be reliable. Software must be strong. Software must be '''secure'''.
+
==OWASP Orizon Project==
  
How ''secure'' does my software have to be? The correct answer is hard to find. But security is a problem that even a development team must consider.
+
OWASP Orizon is a source code security scanner designed to spot vulnerabilities in J2EE web applications, Android code and generally speaking in Java written source code.
  
Should skilled developers also be security gurus? Not necessarily, but it is important to provide security tools that will augment their development skills. And so our quest for secure code begins...
+
==Description==
  
The OWASP Orizon project was created with the aim of providing a common ground for safe coding and code review methodologies to be applied to software. The project is approaching its first major release and it will be able to be used in a production environment in the near future.
+
Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
  
Orizon must give thanks to Findbugs, the OWASP LAPSE Project, RATS, and Flawfinder for ideas and inspiration.
+
Owasp Orizon mission is to provide people an opensource tool, helping them in reviewing:
  
The Orizon project, hosted by Sourceforge, is [http://orizon.sourceforge.net here].
+
* single Java classes
 +
* Java standalone tools packed in JAR files
 +
* web applications packed in EAR / WAR files
 +
* Android APK applications
  
====Goals====
+
It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need of something helping me in reviewing other people java source code. So Owasp Orizon born and grew up as security tool trying to parse Java source code, building an Abstract Syntax Tree and spot for unsafe calls in the code.
Orizon’s goal is to provide a set of APIs to:
 
* Manage a safe coding rules library
 
* Apply these rules to a generic source file
 
* Support the most widely used programming languages
 
* Create reports that shows source code assessment results
 
* Allow developers to build code review tools
 
* Help people understand how important it is to apply safe coding rules while making software
 
  
One of OWASP’s newly-created goals is to “eat its own dog food” and Orizon will contribute to this goal by utilizing the recommendations described in the [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide].
+
In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting PHP programming language but the initial boost disappeared. After being in love with other programming languages and technolgies, eight years later, in 2017 I kickstarted the project again from scratch.
  
====Join the project====
+
==Licensing==
Orizon wants you!
+
OWASP Orizon is an opensource tool. It is licensed under the [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License].
  
Of course, as an open source project, '''anybody''' is welcome to join Orizon, and please do. If you are a skilled C#, Java, or ASP developer and you want to share your experience with these languages, feel free to use the mailing list to contribute to these Orizon-supported languages.
+
== Quick Start ==
  
If you are a skilled Java developer why don't you consider writing a bunch of code for Orizon? Or, consider joining the project for documentation, advertising, blog maintenance, etc.
+
See project [https://github.com/thesp0nge/owasp-orizon GitHub home page]
  
We hope you find the OWASP Orizon Project useful. Please contribute to the project by volunteering for one of the tasks, or by sending your comments, questions, and suggestions to owasp@owasp.org.
+
== Project Resources ==
  
To join the OWASP Orizon Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-orizon subscription page.]
+
[https://owasporizon.wordpress.com Blog]
  
 +
[https://github.com/thesp0nge/owasp-orizon  Code] | [https://github.com/thesp0nge/owasp-orizon/releases Binaries]
  
 +
[https://github.com/thesp0nge/owasp-orizon/issues Issue Tracker]
  
====Download====
+
== Project Leader ==
  
The latest release is [http://downloads.sourceforge.net/orizon/orizon_1.17.zip?use_mirror=heanet 1.17].
+
Paolo Perego<br/>
 +
[mailto:thesp0nge@owasp.org email] [https://twitter.com/thesp0nge/ twitter] [https://codiceinsicuro.it blog ]
  
====The blog====
+
== News and Events ==
 +
* [Spring 2017] - [http://owaspsummit.org/Working-Sessions/Project-Summit/Owasp-Orizon-Reboot.html Owasp Orizon kickstart session]
 +
* [13 September 2016] - Paolo Perego take back project leadership, kickstarting Owasp Orizon again
 +
* [February, 2014] - Greg Disney-Leugers adopted the OWASP Orizon project.
 +
* [November 2009] - we started moving from current release to the next major bump (v2.0) that will happen next June 2010 during Owasp AppSEC conference in Stockholm.
  
The Orizon blog is proudly hosted by SourceForge [http://orizon.sourceforge.net/blog here].
+
== Roadmap and Getting Involved==
  
|
+
Owasp Orizon kickstart is scheduled during the upcoming [http://owaspsummit.org/Working-Sessions/Project-Summit/Owasp-Orizon-Reboot.html Owasp Summit 2017]
  
Proj_Documentation= Available online is an  [http://downloads.sourceforge.net/orizon/The_Owasp_Orizon_Project_Internals_v2.2.ppt?use_mirror=osdn Orizon presentation] given at  [http://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium OWASP AppSec EU 2008] in Ghent, May 2008.
+
Some intended milestones to be putted in roadmap are:
  
'''Owasp Orizon Internals @ Owasp AppSec NY 2008, New York 22-25th September 2008'''
+
* Spring 2017 - Defining the team and overall goals
[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Orizon@AppSec NY 2008]
+
* Autumn 2017 - First alpha release
 +
* Winter 2017 - Second alpha release
 +
* January 2018 - First beta
  
'''Owasp Orizon Internals @ Owasp AppSec EU 2008, Ghent 21-22nd May 2008'''
 
[http://www.owasp.org/index.php/AppSecEU08_The_OWASP_ORIZON_project Orizon@AppSec EU 2008]
 
  
'''Owasp Orizon Internals @ Owasp Day Italy 2008, Rome 31st March 2008'''
+
==Classifications==
[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt Orizon@Owasp Day in Italy]
 
  
'''OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006'''
+
  {| width="200" cellpadding="2"
I will talk to [http://www.webb.it SMAU eAcademy2006] next Saturday 7th October 2006 about code review and safe coding. [http://webb.it/event/eventview/5772/1/0,0/code_review_e_principi_di_programmazione_sicura Here] you can find more information (for now, only in Italian). The last part of the speech will be about introducing the Orizon project and giving a development roadmap.
+
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=]]
 +
  |}
  
A slideshare space is available to for the presentations used in Owasp [http://www.slideshare.net/thesp0nge | conferences]
+
|}
  
|
 
  
  
  
  
}}
 
  
 +
=Project About=
 +
{{:Project Information:template Orizon Project}} 
  
== Project creation ==
+
__NOTOC__ <headertabs />
  
'''OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)'''
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
 
 
The Open Web Application Security Project is proud to announce the OWASP Orizon Project!
 
 
 
 
 
== Project sponsor ==
 
 
 
[https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008]
 

Latest revision as of 09:15, 11 May 2017



OWASP Inactive Banner.jpg

OWASP Orizon Project

OWASP Orizon is a source code security scanner designed to spot vulnerabilities in J2EE web applications, Android code and generally speaking in Java written source code.

Description

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Owasp Orizon mission is to provide people an opensource tool, helping them in reviewing:

  • single Java classes
  • Java standalone tools packed in JAR files
  • web applications packed in EAR / WAR files
  • Android APK applications

It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need of something helping me in reviewing other people java source code. So Owasp Orizon born and grew up as security tool trying to parse Java source code, building an Abstract Syntax Tree and spot for unsafe calls in the code.

In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting PHP programming language but the initial boost disappeared. After being in love with other programming languages and technolgies, eight years later, in 2017 I kickstarted the project again from scratch.

Licensing

OWASP Orizon is an opensource tool. It is licensed under the Apache 2 License.

Quick Start

See project GitHub home page

Project Resources

Blog

Code | Binaries

Issue Tracker

Project Leader

Paolo Perego
email twitter blog

News and Events

  • [Spring 2017] - Owasp Orizon kickstart session
  • [13 September 2016] - Paolo Perego take back project leadership, kickstarting Owasp Orizon again
  • [February, 2014] - Greg Disney-Leugers adopted the OWASP Orizon project.
  • [November 2009] - we started moving from current release to the next major bump (v2.0) that will happen next June 2010 during Owasp AppSEC conference in Stockholm.

Roadmap and Getting Involved

Owasp Orizon kickstart is scheduled during the upcoming Owasp Summit 2017

Some intended milestones to be putted in roadmap are:

  • Spring 2017 - Defining the team and overall goals
  • Autumn 2017 - First alpha release
  • Winter 2017 - Second alpha release
  • January 2018 - First beta


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg

|}





PROJECT IDENTIFICATION
Project Name OWASP Orizon Project
Short Project Description This project born in 2006 in order to provide a framework to all Owasp projects developing code review services. The project is in a quite stable stage and it is usable for Java static code review and some dynamic tests against XSS. Owasp Orizon includes also APIs for code crawling, usable for code crawling tools.
Key Project Information Project Leader
Paolo Perego
Project Contributors
See here
Mailing list
Subscribe here
Use here

License
Creative Commons Attribution Share Alike 3.0

Project Type
Tool

Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

The Owasp OrizonProject in Power Point
Orizon Safe coding and beyond - Word File
Orizon 1.19 - The Latest Release
Orizon internal draft
Orizon site at sourceforge
Orizon blog

OWASP Code Review Guide


Pages in category "OWASP Orizon Project"

This category contains only the following page.