OWASP File Format Validation Project
OWASP File Format Validation
Welcome to the home of OWASP File Format Validation (FFV) Project !
This project is to provide to developers a library to help them to validate formats of a file properly. Validation is based on the official specifications (ISO, RFC, UIT-T, ...) of tested formats and not only on signatures.
The 3 sub-projects :
- File Format Description Language (FFDL) : It is a pseudo-language like regexp useful to describe structure of data in a file. FFDL is helpful to make assertion for each specification of a format.
- File Format Database (FFDB) : It is a sort of file/xml database, where each specifications of each file format are stored.
- File Format Validator : It is final package provide to final user. When a package is build, for each format in File Format Database a source file in the language
OWASP File Format Validation is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
What is FFV ?
Georges-B. Michel @
News and Events
There is not printed version of this project
- Why use File Format Validation to check format of a file ?
- The validation using FFV is safer than validation based on the magic number, because it validates the entire file structure, including the format of the optional sections, and changes between two versions of the same format.
Volunteers are welcome !
OWASP File Format Validation project is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Georges-B. Michel @
As of File Format Validation, the priorities are:
Involvement in the development and promotion of File Fromat Validation project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?