Category:OWASP Orizon Project

Revision as of 12:53, 6 October 2009 by Dinis.cruz (talk | contribs) (Undo revision 70922 by Dinis.cruz (Talk))



Secure code is what all developers want to achieve (at least we hope so). Software must be reliable. Software must be strong. Software must be secure.

How secure does my software have to be? The correct answer is hard to find. But security is a problem that even a development team must consider.

Should skilled developers also be security gurus? Not necessarily, but it is important to provide security tools that will augment their development skills. And so our quest for secure code begins...

The OWASP Orizon project was created with the aim of providing a common ground for safe coding and code review methodologies to be applied to software. The project is approaching its first major release and will be usable in a production environment in the near future.

Orizon must give thanks to Findbugs, the OWASP LAPSE Project, RATS, and Flawfinder for ideas and inspiration.

The Orizon project, hosted by Sourceforge, is here.


Orizon's goal is to provide a set of APIs to:

  • Manage a safe coding rules library
  • Apply these rules to a generic source file
  • Support the most widely used programming languages
  • Create reports that show source code assessment results
  • Allow developers to build code review tools
  • Help people understand how important it is to apply safe coding rules while making software

One of OWASP's newly-created goals is to eat its own dog food and Orizon will contribute to this goal by utilizing the recommendations described in the OWASP Code Review Guide.

Discussion group

A discussion group is also available on LinkedIn. We can use this group to talk about Orizon, to promote it in the real-world business of static analysis, to request features, to submit bugs, to exchange a few words with the developers, and so on.

So, please join the group and help us spread the word. Static analysis is fun... again.

Join the project

Orizon wants you!

Of course, as an open source project, anybody is welcome to join Orizon, and please do. If you are a skilled C#, Java, or ASP developer and you want to share your experience with these languages, feel free to use the mailing list to contribute to these Orizon-supported languages.

If you are a skilled Java developer, why not consider writing some code for Orizon? Or consider joining the project to help with documentation, advertising, blog maintenance, etc.

We hope you find the OWASP Orizon Project useful. Please contribute to the project by volunteering for one of the tasks, or by sending your comments, questions, and suggestions to

To join the OWASP Orizon Project mailing list or view the archives, please visit the subscription page.

Project Details

what is this project?
OWASP Orizon Project

Purpose: OWASP Orizon is a code review tool intended to be used by security specialists to perform white box assessments. Orizon also exposes a set of APIs that can be used within a security tool to provide code review services.

License: General Public License version 3

who is working on this project?
Project Leader: Paolo Perego

Project Maintainer: Paolo Perego

Project Contributor(s):

  • Steven Evans
  • Andres Riancho
  • Dinis Cruz
  • Mike Duncan
  • prashant k v
  • Alessio Marziali
  • Jason Li
  • Nishi Kumar
how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links:

Project Health: Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Paolo Perego to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Orizon 1.19 - 2009 - (download)

Release Leader: Paolo Perego

Release details: Main links, release roadmap and assessment

Rating: Beta Release
To be reviewed under Assessment Criteria v2.0


The latest release is 1.19.

The blog

The Orizon blog is proudly hosted by SourceForge here.


Available online is an Orizon presentation given at OWASP AppSec EU 2008 in Ghent, May 2008.

Owasp Orizon Internals @ Owasp AppSec NY 2008, New York 22-25th September 2008

Orizon@AppSec NY 2008

Owasp Orizon Internals @ Owasp AppSec EU 2008, Ghent 21-22nd May 2008

Orizon@AppSec EU 2008

Owasp Orizon Internals @ Owasp Day Italy 2008, Rome 31st March 2008

Orizon@Owasp Day in Italy

OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006

I will talk at SMAU eAcademy 2006 next Saturday, 7th October 2006, about code review and safe coding. Here you can find more information (for now, only in Italian). The last part of the speech will be about introducing the Orizon project and giving a development roadmap.

A SlideShare space is available for the presentations used in Owasp





Project creation

OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)

The Open Web Application Security Project is proud to announce the OWASP Orizon Project!

Project sponsor

OWASP Summer of Code 2008
