Difference between revisions of "OWASP O2 Platform/Sub-Projects/OSSAD"

From OWASP
(update schedule)
(Project Details)
 
(3 intermediate revisions by one user not shown)
Line 4: Line 4:
 
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
 
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
 
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
 
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
 
+
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
=== Copyright ===
+
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf
 
+
The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.
+
 
+
"I assign the copyright of the OSSAD static analysis tool to OWASP and
+
I will release its code under Apache 2.0 (Open Source license) and the
+
documents under Creative Commons 3.0 License."
+
 
+
Stephen Craig Evans - November 15, 2009
+
  
 
=== Project Details  ===
 
=== Project Details  ===
Line 30: Line 22:
 
The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.
 
The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.
  
'''Schedule (tasks to be completed by Monday morning)'''
+
'''Schedule'''
  
Nov 23:  
+
Nov 23, 2009:  
 
* Fix up this page
 
* Fix up this page
 
* Do a first pass clean up of the source code
 
* Do a first pass clean up of the source code
 
* Organize the source code structure  
 
* Organize the source code structure  
* Upload to www.o2-ounceopen.com
 
* Release a new version of the project documentation
 
  
Nov.30: SCR Phase 1 (SCR Builder)
+
Jan 02, 2010:
 +
* Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
 +
* Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
 +
* Write ScrGraph module
 +
* Did more Java grammar control flow statements
  
Dec.07: Complete SCR Phase 1 (SCR Builder) for Java
+
Near future:
 +
* Finish up the Java grammar control flow statements
 +
* Start JSP implementation for The Prototype
  
Dec.14: SCR Phase 2 (SCR Composer)
+
Less near future:
 +
* Finish JSP implementation for The Prototype
 +
* Start security rules format and Analysis Engine
  
Dec.21: Complete SCR Phase 2  (SCR Composer) for Java
 
  
Dec.28: JSP ASTBuilder, JSP SCR Phase 1
+
'''Contact'''
  
Jan.04: Complete JSP SCR Phase 2
+
Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org or stephencraig.evans@gmail.com
  
After Jan.04: Convert WebGoat source code to SCR & debug
+
Thank you.
  
 +
=== Copyright ===
  
'''Contact'''
+
The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.
  
Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org
+
"I assign the copyright of the OSSAD static analysis tool to OWASP and
 +
I will release its code under Apache 2.0 (Open Source license) and the
 +
documents under Creative Commons 3.0 License."
 +
 
 +
Stephen Craig Evans - November 15, 2009
  
Thank you.
 
  
 
{{:OWASP_O2_Platform/WIKI/bottom}}
 
{{:OWASP_O2_Platform/WIKI/bottom}}
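
Review bot: In the added "Jan 02, 2010" list, the source-code location is linked as http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/, while the documentation links to the same host earlier in this diff use https://. Suggest writing the source link with https:// as well, so readers fetch the code and the documents over the same scheme. Separately, "Did more Java grammar control flow statements" is in the past tense while the other items in that list are imperative; consider rewording it to match.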

Latest revision as of 15:04, 3 January 2010

OSSAD stands for One Security Static Analyzer per Developer

Documentation

Project Details

What is OSSAD?

OSSAD is a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:

  • Motivation
  • Strategy
  • Architecture
  • Current progress
  • What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

Schedule

Nov 23, 2009:

  • Fix up this page
  • Do a first pass clean up of the source code
  • Organize the source code structure

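Jan 02, 2010:

  • Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
  • Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
  • Write ScrGraph module
  • Did more Java grammar control flow statements
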
Near future:

  • Finish up the Java grammar control flow statements
  • Start JSP implementation for The Prototype

Less near future:

  • Finish JSP implementation for The Prototype
  • Start security rules format and Analysis Engine


Contact

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org or stephencraig.evans@gmail.com

Thank you.

Copyright

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and I will release its code under Apache 2.0 (Open Source license) and the documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009
