ORG (OWASP Report Generator)

From OWASP
Revision as of 11:27, 24 October 2006 by Medelibero (Talk | contribs)

Jump to: navigation, search

The ORG (Owasp Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.

Contents

Downloads

[NOTE: contact Mike de Libero(mike at mde-dev dot com) for the latest version]

Report Generator Source

ORG Active Developers

TODO

Priority High

TODO
Task Comment Complexity Assigned Status
1 Enable templates in executive summary to save copying and pasting in new projects {...} Medium Not Assigned


Priority Medium

Task Comment Complexity Assigned Status
1 Add a default profile with the project files maped to the local disk


Priority Medium

Task Comment Complexity Assigned Status
generated Pdf reports don't appear in the respective ORG window. [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window no idea

|- ! x || {Template} || {...} || Medium || Not Assigned


To Map to Priority Tables

Task Comment Assigned Status
1 Del Key should delete newline (and other elements)
2 Add ability to move findings to other targets
3 Sort of tracking views by Issue ID Enable sorting in the issue tracking screens, to enable easier finding of issues when retests are occurring
4 Search (for Issue IDs)
5 Select contacts from a db
6 Automatic Import data (like DSN info) This can also include task / default messages with links to areas like the OWASP vulnerability pages
7 Data feed for global database spreadsheets
8 Sign application and FOP engine
9 Ensure that within the same project, image folders are unique
10 Make an installer
11 Add Backup feature for XSLT changes
12 Add upgrade tool
13 Add XSLT search feature
14 Project level tags
15 Image's path are hardcoded on the PDF xslt
  • Monthly CISO Report.xslt
  • test.xslt
  • Bespoke Brief.xslt
  • Monthly RISO Report.xslt
  • Outstanding Issues.xslt
16 Document the installation procedure of the Altova XML engine (used for xslt2 queries)
17 Add to FAQ the fact that the errors that show on the current main FOP transformation are ok
18 Convert the current xslt/FOP to the altova engine so that we can use xslt2 queries
19 Modify the tabs on the "Current and Archived Projects" screen so that whenever you click on one it reloads the data
20 Only show up tabs that we have the data set up for
21 Remove all those empty try/catches in authentic.cs
22 Upgrade the Altova component Y 50%
23 Create a Microsoft Word report option
24 Perform a validation against a schema of all current _consolidatedReports files to ensure they are compliant (check in particular dates, IPs and DNS names)
25 Manage the exceptions that occur when you add a finding with a duplicate name more effectively
26 Change the Window menu to have the current open windows in the main menu, rather than as a sub menu
27 Add a find function to the source code editor
28 Add drop down menus to the recommendations section (which links to the recommendations database)
29 Enable schema-safe copy and paste between the project meta data tab and the executive summary tab (the xml attribute copying bug)
30 Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)

To add to to-do

  • Default headers auto populated in "Report Contents". Executive Summary, Background, Scope
  • Paste tables into Appendix
  • Paste images into Appendix
  • Bug report, sequence of events:
    • do findings
    • then do exec sumamry
    • then make a pdf
    • then try to change a finding (exception will occur)
    • if you reload the project the issue will go away


TODO Future Versions

  • Add in the ability to import in stock findings
  • Remove the global variable class.
  • Add in tool tips to the forms.


Other related [Owasp .Net Project Downloads]


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.