OSG Dev Notes

From OWASP
Revision as of 12:25, 8 December 2006 by Medelibero (Talk | contribs)

Jump to: navigation, search

Back to OWASP_SiteGenerator main page

To Do

  • Add a bunch of vulnerablilties
  • Add different types of Navigation
  • Add web services
    • Main goal of this is to have web services in there that show that web services can't be trusted and are another place for attacks.
  • Add some AJAX
    • This will use the WebServices.
  • Integrate it with the Web Goats tests being created by the other AoC project
  • Implement Hacme Bank into OSG (this will take care of the web services item also)

Proposed Architecture

For future development the following idea is proposed. Create an interface that is used for all vulnerabilities. When a user selects a vulnerability they will have the option how they wish it to be implemented (web service, normal page, etc...) they can chose one or more options for the implementation.


Each interface will have to be able to tell the front end what form fields it needs and also an area to handle the request back.


The reason for doing this is so that we only have to code one vulnerability and use it in many different places easier.


Downsides

  • Potentially to complex for the payoff.
  • There could be a better way to do it while still following the DRY principle.