Difference between revisions of "OWASP CAL9000 Project Roadmap"

From OWASP
(Reverting to last version not containing links to www.textolochirole.com)
 
(5 intermediate revisions by 2 users not shown)
Line 6: Line 6:
 
In the near term, we are focused on the following tactical goals...
 
In the near term, we are focused on the following tactical goals...
  
# Implementing major upgrade to the HTTP Requests function.
+
# Gathering user feedback.
  
  
 
== Version History ==
 
== Version History ==
 +
 +
Nov 16, 2006 - v2.0:
 +
* XSS Attacks Page:
 +
** Filter attacks by browser support
 +
** Create/edit/save/delete your own attacks
 +
** Display user-defined attacks in print-ready list
 +
** Expanded Regex functionality - Added show/replace/split on matches
 +
* Encoder/Decoder:
 +
** Added types md4 and sha1 (encode only)
 +
** Define Base64 special characters and padding character
 +
* HTTP Requests:
 +
** Added (almost) total control of request components
 +
** Quickly add request headers (single, by browser, by method)
 +
** Split/concatenate request parameters and get character count
 +
** Added AutoAttack feature (send multiple requests at once)
 +
** Quick encode request components (Url, hex, Unicode, Base64, md5)
 +
** Requests/responses saved to History file
 +
** Added History list navigation and functions (delete, print-ready)
 +
* HTTP Responses:
 +
** Displays target Url, response status codes, headers and body
 +
** Split out scripts, forms and cookies
 +
** Display request body in new window as it would appear in browser
 +
** Added History list navigation and functions (delete, print-ready)
 +
* String Generator:
 +
** Define character used for string generation
 +
* Testing Checklist:
 +
** Old testing checklist included as testing tips
 +
** Added true testing checklist - Create/edit/save/delete checklist items
 +
* AutoAttack List Editor:
 +
** Create/edit/save/delete attack lists and items
 +
** Display attack lists in print-ready format
 +
** Quick encode checklist items (Url, hex, Unicode, Base64, md5)
  
 
July 30, 2006 - v1.1:
 
July 30, 2006 - v1.1:
Line 27: Line 59:
 
* Minor Bugfixes w/ Save State processing
 
* Minor Bugfixes w/ Save State processing
  
May 18, 2006 - v1.0.  
+
May 18, 2006 - v1.0.
 
+
  
 
== Wish List ==
 
== Wish List ==
* Build/save/replay attack and processing sequences.
 
* Sort/view XSS Attacks by affected browser type.
 
* CAL9000 Editor: Front end to add/remove/edit XSS Attacks, Wrappers, Testing Tips, etc.
 
* Save HTTP Requests/Responses to XML file for viewing/replay.
 
* More robust Regex builder/tester.
 
* CAL9000 Report Builder.
 
 
* What features would you like to see added?
 
* What features would you like to see added?
  
 
[[Category:OWASP CAL9000 Project]]
 
[[Category:OWASP CAL9000 Project]]
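
Review bot: in the Wish List part of this hunk, every concrete item is dropped and only "What features would you like to see added?" remains, yet two of the dropped items, "Build/save/replay attack and processing sequences" and "CAL9000 Report Builder", have no matching entry in the v2.0 Version History that the same revision adds. If they are still planned, keep them in the list; if they were abandoned, say so, so readers can tell delivered features from dropped ones.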

Latest revision as of 13:30, 27 May 2009

The project's overall goal is to...

 Provide a centralized framework for the organization and use of a variety of tools that can
 assist web application security testers with their manual testing efforts.

In the near term, we are focused on the following tactical goals...

  1. Gathering user feedback.


Version History

Nov 16, 2006 - v2.0:

  • XSS Attacks Page:
    • Filter attacks by browser support
    • Create/edit/save/delete your own attacks
    • Display user-defined attacks in print-ready list
    • Expanded Regex functionality - Added show/replace/split on matches
  • Encoder/Decoder:
    • Added types md4 and sha1 (encode only)
    • Define Base64 special characters and padding character
  • HTTP Requests:
    • Added (almost) total control of request components
    • Quickly add request headers (single, by browser, by method)
    • Split/concatenate request parameters and get character count
    • Added AutoAttack feature (send multiple requests at once)
    • Quick encode request components (Url, hex, Unicode, Base64, md5)
    • Requests/responses saved to History file
    • Added History list navigation and functions (delete, print-ready)
  • HTTP Responses:
    • Displays target Url, response status codes, headers and body
    • Split out scripts, forms and cookies
    • Display request body in new window as it would appear in browser
    • Added History list navigation and functions (delete, print-ready)
  • String Generator:
    • Define character used for string generation
  • Testing Checklist:
    • Old testing checklist included as testing tips
    • Added true testing checklist - Create/edit/save/delete checklist items
  • AutoAttack List Editor:
    • Create/edit/save/delete attack lists and items
    • Display attack lists in print-ready format
    • Quick encode checklist items (Url, hex, Unicode, Base64, md5)

July 30, 2006 - v1.1:

  • Focus of this Release: Upgrade Encode/Decode function.
  • Added Uppercase check box
  • Added Trailing Character text field
  • Added Delimiter text field
  • Added Include Unselected Text check box
  • Added Wrappers
  • Added several Encoding/Decoding types
  • Added ability to Encode/Decode selected text only
  • Added Store/Restore functionality
  • Added Selected Text processing
  • Added Error/Informational Message functionality
  • String Generator can handle larger string sizes
  • Minor Bugfixes w/ URL Encoding
  • Minor Bugfixes w/ Save State processing

May 18, 2006 - v1.0.

Wish List

  • What features would you like to see added?