Difference between revisions of "ORG (OWASP Report Generator)"

From OWASP
Jump to: navigation, search
(Downloads)
Line 19: Line 19:
 
* [[ORG (Owasp Report Generator) - Dinis Cruz]]
 
* [[ORG (Owasp Report Generator) - Dinis Cruz]]
 
* [[ORG (Owasp Report Generator) - Zi Jin]]
 
* [[ORG (Owasp Report Generator) - Zi Jin]]
 
== TODO (under construction) ==
 
 
'''Priority High'''
 
 
{|class="wikitable"
 
|+TODO
 
|-
 
|
 
! Task !! Comment !! Complexity || Assigned !! Status
 
|-
 
! 1
 
|| Enable templates in executive summary to save copying and pasting in new projects || There is an easy and a hard way to do this. The easy is to implement this using template xml files which are copied to the target location (for example a finding or 'Report Content') from a default location (in the current plan the output of a plug-in). The hard way (but much more powerfull) will be to implement this templates using dinamic manipulation of the autentic object (which is something that I haven't figure out how to do) || Medium || Not Assigned
 
|-
 
!
 
|| Create plug-in to support templates || Which is basically a mapping between SPS and XML files (need to figure out how to dynamically use SPS transformations
 
|-
 
|-
 
!
 
||Fix XML attribute / value errors when using copy and paste functionality
 
!
 
|| Convert Export functionality into a Plug-in || Should be easy to do since all code is already there || Low || DC ||
 
|-
 
 
|-
 
!
 
|| Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields) || Basicaly the issue here is that everytime an xml file is saved, a quick check to the schema should be made. The code to do this already exists (it is in the export data code).
 
|-
 
!
 
||
 
|-
 
!
 
||
 
|-
 
!
 
||
 
|-
 
!
 
||
 
|}
 
 
 
 
'''Priority Medium'''
 
 
{|class="wikitable"
 
|-
 
|
 
! Task !! Comment !! Complexity || Assigned !! Status
 
|-
 
! 1
 
| Add a default profile with the project files maped to the local disk || this way the first time user can just click Start |
 
|}
 
 
 
'''Priority Low'''
 
 
{|class="wikitable"
 
|-
 
|
 
! Task !! Comment !! Complexity || Assigned !! Status
 
|-
 
!
 
|| generated Pdf reports don't appear in the respective ORG window. || [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window || no idea || ||
 
|}
 
 
|-
 
! x
 
|| {Template} || {...} || Medium || Not Assigned
 
 
 
 
'''To Map to Priority Tables'''
 
 
{|class="wikitable"
 
|-
 
|
 
! Task !! Comment !! Assigned !! Status
 
|-
 
! 1
 
| Del Key should delete newline (and other elements) ||
 
|-
 
! 2
 
| Add ability to move findings to other targets ||
 
|-
 
! 3
 
| Sort of tracking views by Issue ID || Enable sorting in the issue tracking screens, to enable easier finding of issues when retests are occurring
 
|-
 
! 4
 
| Search (for Issue IDs) ||
 
|-
 
! 5
 
| Select contacts from a db ||
 
|-
 
! 6
 
| Automatic Import data (like DSN info) || This can also include task / default messages with links to areas like the OWASP vulnerability pages
 
|-
 
! 7
 
| Data feed for global database spreadsheets ||
 
|-
 
! 8
 
| Sign application and FOP engine ||
 
|-
 
! 9
 
| Ensure that within the same project, image folders are unique ||
 
|-
 
! 10
 
| Make an installer ||
 
|-
 
! 11
 
| Add Backup feature for XSLT changes ||
 
|-
 
! 12
 
| Add upgrade tool ||
 
|-
 
! 13
 
| Add XSLT search feature ||
 
|-
 
! 14
 
| Project level tags ||
 
|-
 
! 15
 
| Image's path are hardcoded on the PDF xslt ||
 
* Monthly CISO Report.xslt
 
* test.xslt
 
* Bespoke Brief.xslt
 
* Monthly RISO Report.xslt
 
* Outstanding Issues.xslt
 
|-
 
! 16
 
| Document the installation procedure of the Altova XML engine (used for xslt2 queries) ||
 
|-
 
! 17
 
| Add to FAQ the fact that the errors that show on the current main FOP transformation are ok ||
 
|-
 
! 18
 
| Convert the current xslt/FOP to the altova engine so that we can use xslt2 queries ||
 
|-
 
! 19
 
| Modify the tabs on the "Current and Archived Projects" screen so that whenever you click on one it reloads the data
 
|-
 
! 20
 
| Only show up tabs that we have the data set up for ||
 
|-
 
! 21
 
| Remove all those empty try/catches in authentic.cs ||
 
|-
 
! 22
 
| Upgrade the Altova component || || || Y || 50%
 
|-
 
! 23
 
| Create a Microsoft Word report option || || || ||
 
|-
 
! 24
 
| Perform a validation against a schema of all current _consolidatedReports files to ensure they are compliant (check in particular dates, IPs and DNS names) ||
 
|-
 
! 25
 
| Manage the exceptions that occur when you add a finding with a duplicate name more effectively ||
 
|-
 
! 26
 
| Change the Window menu to have the current open windows in the main menu, rather than as a sub menu ||
 
|-
 
! 27
 
| Add a find function to the source code editor ||
 
|-
 
! 28
 
| Add drop down menus to the recommendations section (which links to the recommendations database) ||
 
|-
 
! 29
 
| Enable schema-safe copy and paste between the project meta data tab and the executive summary tab (the xml attribute copying bug) ||
 
|-
 
! 30
 
| Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)  ||
 
|}
 
 
== To add to to-do ==
 
 
* Default headers auto populated in "Report Contents".  Executive Summary, Background, Scope
 
* Paste tables into Appendix
 
* Paste images into Appendix
 
* Bug report, sequence of events:
 
** do findings
 
** then do exec sumamry
 
** then make a pdf
 
** then try to change a finding (exception will occur)
 
** if you reload the project the issue will go away
 
 
 
== TODO Future Versions ==
 
* Add in the ability to import in stock findings
 
* Remove the global variable class.
 
* Add in tool tips to the forms.
 
  
  

Revision as of 06:09, 25 October 2006

The ORG (Owasp Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.

Downloads

[NOTE: contact Mike de Libero(mike at mde-dev dot com) for the latest version]

Report Generator Source


ORG Development

The current version under development is vl.85 and you can see the change log here: ORG (Owasp Report Generator) - V0.85

The current Todo is here:

ORG Active Developers


Other related [Owasp .Net Project Downloads]


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.