Difference between revisions of "OWASP File Format Validation Project"

Jump to: navigation, search
Line 1: Line 1:
! width="700" align="center" | <br>
! width="500" align="center" | <br>
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]
| align="right" |

Revision as of 22:14, 21 August 2014

OWASP Inactive Banner.jpg
OWASP Project Header.jpg

OWASP File Format Validation

Welcome to the home of OWASP File Format Validation (FFV) Project !


This project is to provide to developers a library to help them to validate formats of a file properly. Validation is based on the official specifications (ISO, RFC, UIT-T, ...) of tested formats and not only on signatures.


The 3 sub-projects :

- File Format Description Language (FFDL) : It is a pseudo-language like regexp useful to describe structure of data in a file. FFDL is helpful to make assertion for each specification of a format.

- File Format Database (FFDB) : It is a sort of file/xml database, where each specifications of each file format are stored.

- File Format Validator : It is final package provide to final user. When a package is build, for each format in File Format Database a source file in the language


OWASP File Format Validation is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is FFV ?

FFV provides:

  • Database of translated specifications of file formats into a pseudo-language
  • Light pseudo-language to describe the structure of a section of data in a file
  • Mechanism to check the format of a file



Project Leader

Georges-B. Michel @

Related Projects

Quick Download

Not available

Email List


News and Events

In Print

There is not printed version of this project


New projects.png Owasp-builders-small.png
Project Type Files CODE.jpg
Why use File Format Validation to check format of a file ?
The validation using FFV is safer than validation based on the magic number, because it validates the entire file structure, including the format of the optional sections, and changes between two versions of the same format.

Volunteers are welcome !


OWASP File Format Validation project is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Georges-B. Michel @


As of File Format Validation project, the priorities are:

  • Increase the file format database coverage
  • Porting of FFV on others languages ( just dev a module for FFEngine )
  • Write documentation

Involvement in the development and promotion of File Fromat Validation project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Make a logo
  • Search partenership and get more ISO documents

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP File Format Validation Project (home page)
Purpose: This project is to provide to developers a library to help them to validate formats of a file properly. Validation is based on the official specifications (ISO, RFC, UIT-T, ...) of tested formats and not only on signatures.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Georges-B Michel @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Georges-B Michel @ to contribute to this project
  • Contact Georges-B Michel @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases