OWASP - User contributions [en]

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator - 0.3 Release

2013-04-02T10:17:27Z

Dag Hovland:

{{ Template:Detailed Release Information

| Release Name and Version
= SHIP Validator 0.3 Release

| Release Date
= July 2009

| Release Download Link
= [http://sourceforge.net/projects/shipvalidator/ download]

| Main Features
= 1. More javadoc, 2. Improved class names, 3. Fixed a bug in the class MetaConstraints, 4. Added diagrams to tex/tecrep/fig

| Release Leader - Wiki Account
=

| Release Contributor(s)
= [[:User:Federico_Mancini|Federico Mancini]], [[:user:Khalid_Azim_Mughal|Khalid Azim Mughal]], [[:User:Dag_Hovland|Dag Hovland]]

| Release Reviewer(s)
= [[:user:Dinis.cruz|Dinis Cruz]], [[:user:Mtesauro|Matt Tesauro]]

| Release Mentor(s)
= if any

| Release Sponsor(s)
=

| Release Flyer/Pamphlet
= [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf See here]

| Release Notes
= [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|See here]]

| Release Main Links
= [http://sourceforge.net/projects/shipvalidator/ Download], [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf Documentation]

| Release Assessment
= [[Image:Yellow button.JPG|25px]] [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Assessment|Not reviewed/Targeted at Stable Release]]

| Assessment Criteria Version
= [[:Assessing Project Health|Assessment Criteria v2.0]]

}}

User:Dag Hovland

2010-01-12T08:07:07Z

Dag Hovland:

Dag Hovland has been employed as a PhD student in the SHIP project at the Departement of Informatics, University of Bergen, since april 2007. He has a master degree in computer science from the same departement.

Dag Hovland is involved in the OWASP Project [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project|Content Validation using Java Annotations]].

'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

'''''Web-site:''''' [http://www.ii.uib.no/~dagh www.ii.uib.no/~dagh]

GPC Project Details/OWASP Content Validation using Java Annotations Project

2010-01-12T08:02:51Z

Dag Hovland: put slides in correct link (not pamphlet)

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
| project_name = OWASP Content Validation using Java Annotations Project
| project_description = We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.
| project_license = [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]
| leader_name = Dag Hovland
| leader_email = dag.hovland@uib.no
| leader_username = Dag Hovland
| past_leaders_special_contributions =
| maintainer_name = Dag Hovland
| maintainer_email = dag.hovland@uib.no
| maintainer_username = Dag Hovland
| contributor_name1 = Dag Hovland
| contributor_email1 = dag.hovland@uib.no
| contributor_username1 = Dag_Hovland
| contributor_name2 = Khalid Azim Mughal
| contributor_email2 = Khalid.Mughal@ii.uib.no
| contributor_username2 = Khalid_Azim_Mughal
| contributor_name3 = Federico Mancini
| contributor_email3 = Federico.Mancini@ii.uib.no
| contributor_username3 = Federico_Mancini
| contributor_name4 =
| contributor_email4 =
| contributor_username4 =
| contributor_name5 =
| contributor_email5 =
| contributor_username5 =
| contributor_name6 =
| contributor_email6 =
| contributor_username6 =
| contributor_name7 =
| contributor_email7 =
| contributor_username7 =
| contributor_name8 =
| contributor_email8 =
| contributor_username8 =
| contributor_name9 =
| contributor_email9 =
| contributor_username9 =
| contributor_name10 =
| contributor_email10 =
| contributor_username10 =
| pamphlet_link =
| presentation_link = http://www.ii.uib.no/~dagh/validatorflyer.pdf
| mailing_list_name = owasp_cvuja_project
| links_url1 = http://shipvalidator.sourceforge.net/
| links_name1 = SHIP Validator
| links_url2 = http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009
| links_name2 = Reports in Informatics 2000-2009
| links_url3 =
| links_name3 =
| links_url4 =
| links_name4 =
| links_url5 =
| links_name5 =
| links_url6 =
| links_name6 =
| links_url7 =
| links_name7 =
| links_url8 =
| links_name8 =
| links_url9 =
| links_name9 =
| links_url10 =
| links_name10 =
| project_road_map = :Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_Roadmap
| project_health_status =
| current_release_name = SHIP Validator 0.3 Release
| current_release_date = July 2009
| current_release_download_link = http://sourceforge.net/projects/shipvalidator/
| current_release_rating = -1
| current_release_leader_name = Dag Hovland
| current_release_leader_email = dag.hovland@uib.no
| current_release_leader_username = Dag Hovland
| current_release_details = :Category:OWASP Content Validation using Java Annotations Project - SHIP Validator - 0.3 Release
| last_reviewed_release_name =
| last_reviewed_release_date =
| last_reviewed_release_download_link =
| last_reviewed_release_rating =
| last_reviewed_release_leader_name =
| last_reviewed_release_leader_email =
| last_reviewed_release_leader_username =
| last_reviewed_release_details =
| old_release_name1 =
| old_release_date1 =
| old_release_download_link1 =
| old_release_name2 =
| old_release_date2 =
| old_release_download_link2 =
| old_release_name3 =
| old_release_date3 =
| old_release_download_link3 =
| old_release_name4 =
| old_release_date4 =
| old_release_download_link4 =
| old_release_name5 =
| old_release_date5 =
| old_release_download_link5 =
| last_GPC_update = 2/12/2009
| GPC_Notes = Has been assessed by the project leader. Waiting for Matt's and Dinis' reviews.
| project_home_page = Category:OWASP_Content_Validation_using_Java_Annotations_Project
| project_details_wiki_page = GPC_Project_Details/OWASP_Content_Validation_using_Java_Annotations_Project
}}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T13:34:36Z

Dag Hovland: Added link to bug tracker on sourceforge

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= No, it is a .jar file (library) to be used in conjunction with J2EE. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= Yes

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= Yes, in the readme file that comes with the code.

| 11. Is the tool documentation stored in the same repository as the source code?
= Yes, but a more comprehensive technical report will soon be available from a separate source.

| 12. Are the Alpha and Beta pre-assessment items complete?
= Yes

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= Yes. [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracking tool]

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project

2009-08-10T13:23:06Z

Dag Hovland: Added link to bug tracker on sourceforge

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuosly improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]

Bug Tracker : [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracker]
==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T10:54:56Z

Dag Hovland: Build script answer

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T10:52:23Z

Dag Hovland: tried fixing link to release roadmap. Added ansers

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T10:01:47Z

Dag Hovland: tried fixing link

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T09:58:15Z

Dag Hovland: Added link to release roadmap

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag_Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [http://www.owasp.org/index.php/Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T09:56:52Z

Dag Hovland: Added yes to project wiki page minimum content

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag_Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project

2009-08-10T09:55:00Z

Dag Hovland: Added link to email list under main links

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuosly improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]

==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Template:OWASP Content Validation using Java Annotations Project - A

2009-08-10T09:49:57Z

Dag Hovland: Changed email links to wiki personal page links

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Azim_Mughal|Khalid Azim Mughal]] 

'''''Project Maintainer:'''''  

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [[User:Dag_Hovland|Dag Hovland]] to contribute to this project,
* Contact [[User:Dag_Hovland|Dag Hovland]] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Template:OWASP Content Validation using Java Annotations Project - A

2009-08-10T09:49:21Z

Dag Hovland: Changed email links to wiki personal page links

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Azim_Mughal|Khalid Azim Mughal]] 

'''''Project Maintainer:'''''  

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [mailto:dag.hovland@uib.no Dag Hovland] to contribute to this project,
* Contact [mailto:dag.hovland@uib.no Dag Hovland] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Category:OWASP Project

2009-07-17T12:49:28Z

Dag Hovland: Added "We wish" to "OWASP Content Validation using Java Annotations Project"

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:

* '''PROTECT''' - These are tools and documents that can be used to guard against security-related design and implementation flaws.
* '''DETECT''' - These are tools and documents that can be used to find security-related design and implementation flaws.
* '''LIFE CYCLE''' - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).

If you would like to start a new project please review the [[How to Start an OWASP Project]] guide. Please contact the [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Project Committee] members to discuss project ideas and how they might fit into OWASP. All OWASP projects must be free and open and have their homepage on the OWASP portal. You can read all the guidelines in the [[:Category:OWASP_Project_Assessment | Project Assessment Criteria]].

Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.

A list of '''Projects''' that have been identified as '''orphaned''' ones has been set up. Please [[:Category:OWASP Orphaned Projects|glance at it]] and see you find interest in leading any of them.
 
==== Release Quality Projects ====
* Release quality projects are generally the level of quality of professional tools or documents.
* Projects are listed below.
<table width="100%" valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>
'''PROTECT: 

; [[:Category:OWASP AntiSamy Project|OWASP AntiSamy Java Project]]
: an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks (Assessment Criteria v1.0)

; [[:Category:OWASP AntiSamy Project .NET|OWASP AntiSamy .NET Project]]
: an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. (Assessment Criteria v1.0)

; [[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]]
: a free and open collection of all the security methods that a developer needs to build a secure web application. (Assessment Criteria v1.0)

'''DETECT: 

; [[:Category:OWASP Live CD Project|OWASP Live CD Project]]
: this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. (Assessment Criteria v1.0)

; [[:Category:OWASP WebScarab Project|OWASP WebScarab Project]]
: a tool for performing all types of security testing on web applications and web services (Assessment Criteria v1.0)

'''LIFE CYCLE: 

; [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
: an online training environment for hands-on learning about application security (Assessment Criteria v1.0)

</td><td>

'''PROTECT: 

; [[:Category:OWASP Guide Project|OWASP Development Guide]]
: a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)

; [[:Category:OWASP .NET Project|OWASP .NET Project]]
: the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)

; [[:Category:OWASP Ruby on Rails Security Guide V2 | OWASP Ruby on Rails Security Guide V2]]
: this Project is the one and only source of information about Rails security topics. (Assessment Criteria v1.0)

'''DETECT: 

; [[:Category:OWASP Application Security Verification Standard Project | OWASP Application Security Verification Standard Project]]
: The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying) applications using both security testing and code review techniques. (Assessment Criteria v1.0)

; [[:Category:OWASP Code Review Project|OWASP Code Review Guide]]
: a project to capture best practices for reviewing code. (Assessment Criteria v1.0)

; [[:Category:OWASP Testing Project|OWASP Testing Guide]]
: a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)

; [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
: an awareness document that describes the top ten web application security vulnerabilities (Assessment Criteria v1.0)

'''LIFE CYCLE: 

; [[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]
: FAQ covering many application security topics (Assessment Criteria v1.0)

; [[:Category:OWASP Legal Project|OWASP Legal Project]]
: a project focused on providing contract language for acquiring secure software (Assessment Criteria v1.0)

; [[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review for OWASP-Projects]]
: a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). (Assessment Criteria v1.0)

</td></tr></table>

==== Beta Status Projects ====
* Beta quality projects are complete and ready to use with documentation.
* Projects are listed below.
<table width="100%" valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>
'''PROTECT: 

; [[:Category:OWASP CSRFGuard Project|OWASP CSRFGuard Project]]
: a J2EE filter that implements a unique request token to mitigate CSRF attacks (Assessment Criteria v1.0)

; [[:Category:OWASP Encoding Project|OWASP Encoding Project]]
: a project focused on the development of encoding best practices for web applications. (Assessment Criteria v1.0)

; [[:Category:OWASP OpenSign Server Project|OWASP OpenSign Server Project]]
: the purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. (Assessment Criteria v1.0)

; [[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp]]
: focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP. (Assessment Criteria v1.0)

'''DETECT: 

; [[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester Project]]
: this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. (Assessment Criteria v1.0)

; [[:Category:OWASP Code Crawler|OWASP Code Crawler]]
: this tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. (Assessment Criteria v1.0)

; [[:Category:OWASP DirBuster Project|OWASP DirBuster Project]]
:DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. (Assessment Criteria v1.0)

; [[:Category:OWASP LAPSE Project|OWASP LAPSE Project]]
: an Eclipse-based source-code static analysis tool for Java (Assessment Criteria v1.0)

; [[:Category:OWASP Orizon Project|OWASP Orizon Project]]
: the goal of this project is to develop an extensible code review engine to be used from source code assessment tools. (Assessment Criteria v1.0)

; [[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]
: a project focused on combining automated capabilities with complete manual testing to get the best results (Assessment Criteria v1.0)

; [[ORG_%28Owasp_Report_Generator%29|OWASP Report Generator]]
: a project giving security professionals a way to report and keep track of their projects (Assessment Criteria v1.0)

; [[Owasp_SiteGenerator|OWASP Site Generator]]
: a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... (Assessment Criteria v1.0)

; [[:Category:OWASP Skavenger Project|OWASP Skavenger Project]]
: is a web application security assessment tool kit that passively analyses traffic logged by various MITM proxies as well as other sources and helps to identify various kinds of possible vulnerabilities. (Assessment Criteria v1.0)

; [[:Category:OWASP SQLiX Project|OWASP SQLiX Project]]
: a project focused on the development of SQLiX, a full perl-based SQL scanner (Assessment Criteria v1.0)

; [[:Category:OWASP Sqlibench Project|OWASP Sqlibench Project]]
: this is a benchmarking project of automatic sql injectors related to dumping databases. (Assessment Criteria v1.0)

; [[OWASP_Tiger|OWASP Tiger]]
: OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. (Assessment Criteria v1.0)

; [[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
: OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)

; [[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]]
: a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer (Assessment Criteria v1.0)

'''LIFE CYCLE: 

; [[:Category:OWASP LiveCD Education Project|OWASP Live CD Education Project]]
: an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]] and [http://www.securitydistro.com/ Security Distro] (Assessment Criteria v1.0)

; [[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench Project]]
: this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. (Assessment Criteria v1.0)
</td><td>

'''PROTECT: 
; [[:Category:OWASP AppSensor Project|OWASP AppSensor Project]]
: a framework for detecting and responding to attacks from within the application. (Assessment Criteria v1.0)

; [[:Category:OWASP Backend Security Project|OWASP Backend Security Project]]
: this is a new project created to improve and to collect the existant information about the backend security. (Assessment Criteria v1.0)

; [[:Category:OWASP Securing WebGoat using ModSecurity Project |OWASP Securing WebGoat using ModSecurity Project]]
: the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. (Assessment Criteria v1.0)

'''DETECT: 

; [[:Category:OWASP Tools Project|OWASP Tools Project]]
: the OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools. (Assessment Criteria v1.0)

'''LIFE CYCLE: 

; [[:Category:OWASP CLASP Project|OWASP CLASP Project]]
: a project focused on defining process elements that reinforce application security (Assessment Criteria v1.0)

; [[:Category:OWASP Education Project|OWASP Education Project]]
: a project to build educational tracks and modules for different audiences. (Assessment Criteria v1.0)

; [[OWASP_Internationalization | OWASP Internationalization Project]]
: general guidelines to start a new translation project for OWASP site and projects. (Assessment Criteria v1.0)

; [[OWASP_Spanish | OWASP Spanish Project]]
: first translation effort to make OWASP site and project completely available in Spanish language. (Assessment Criteria v1.0)

</td></tr></table>

==== Alpha Status Projects ====
* Alpha quality projects are generally usable but may lack documentation or quality review.
* Projects are listed below.
<table width="100%" valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>

; [[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project]]
: The idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. (Assessment Criteria v1.0)

; [[Classic_ASP_Security_Project |OWASP Classic ASP Security Project]]
: it aims in creating a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. (Assessment Criteria v1.0)

; [[:Category:OWASP CRM Project|OWASP CRM Project]]
: provides a management system for membership, projects, industry and chapters and users of OWASP projects (Assessment Criteria v1.0)

;[[:Category:OWASP Cryttr - Encrypted Twitter Project|OWASP Cryttr - Encrypted Twitter Project]]
: a way to do some encrypted messaging to a group of distributed people with as little overhead as possible. (Assessment Criteria v2.0)

; [[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]]
: gives developers the ability to test their applications for CSRF flaws (Assessment Criteria v1.0)

; [[:Category:OWASP Encrypted Syndication Project|OWASP Encrypted Syndication Project]]
: complements the OWASP Cryttr - Encrypted Twitter Project and serves other few other front ends that can use Encrypted Syndication Protocol. (Assessment Criteria v2.0)

; [[:Category:OWASP EnDe|OWASP EnDe Project]]
: This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. (Assessment Criteria v1.0)

; [[:Category:OWASP Google Hacking Project|OWASP Google Hacking Project]]
: Google SOAP Search API with Perl (Assessment Criteria v1.0)

; [[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]]
: a web application that includes common web application vulnerabilities (Assessment Criteria v1.0)

; [[:Category:OWASP JBroFuzz|OWASP JBroFuzz Project]]
: a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. This project was sponsored by [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]] (Assessment Criteria v1.0)

; [[:Category:OWASP Joomla Vulnerability Scanner Project|OWASP Joomla Vulnerability Scanner Project]]
: a regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution,XSS, DOS,directory traversal vulnerabilities of a target Joomla! web site

; [[:Category:OWASP JSP Testing Tool Project|OWASP JSP Testing Tool Project]]
: the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. (Assessment Criteria v1.0)

; [[:Category:OWASP JSReg Project|OWASP JSReg Project]]
: the goal of this project is to produce a simplified version of Javascript by using regular expressions to remove dangerous functionality and then use Javascript itself to evaluate the results. (Assessment Criteria v2.0)

; [[:Category:OWASP Learn About Encoding Project|OWASP Learn About Encoding Project]]
: this project has as its ultimate goal of demystifying the problems related to the study of character encoding (charset encoding). (Assessment Criteria v1.0)

; [[:Category:OWASP Mutillidae|OWASP Mutillidae Project]]
: a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10

; [[:Category:OWASP NetBouncer Project|OWASP NetBouncer Project]]
: is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. (Assessment Criteria v1.0)

; [[:Category:OWASP Open Review Project|OWASP Open Review Project (ORPRO)]]
: a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. (Assessment Criteria v1.0)

; [[:Category:OWASP PHP AntiXSS Library Project|OWASP PHP AntiXSS Library Project]]
: reduce cross-site scripting vulnerabilities by encoding your output (Assessment Criteria v1.0)

; [[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis Project]]
: the aim of this project is to provide full language support,other Python frameworks support, analysis improvement, reporting capability, documentation, promotion materials: publication-ready article and presentation (Assessment Criteria v1.0)

; [[:Category:OWASP Proxy|OWASP Proxy Project]]
: aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. (Assessment Criteria v1.0)

; [[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]
: an open source black box security scanner used to assess the security of AJAX-enabled applications (Assessment Criteria v1.0)

; [[:Category:OWASP Stinger Project|OWASP Stinger Project]]
: a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications (Assessment Criteria v1.0)

; [[:Category:OWASP Vicnum Project|OWASP Vicnum Project]]
: a lightweight vulnerable web application based on a game played to kill time which demonstrates common web application vulnerabilities such as cross site scripting (Assessment Criteria v1.0)

; [[:Category:OWASP Wapiti Project|OWASP Wapiti Project]]
: the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable (Assessment Criteria v1.0)

; [[:Category:OWASP Web Application Security Metric using Attack Patterns Project|OWASP Web Application Security Metric using Attack Patterns Project]]
: the project provides attack pattern database along with prototype model (Assessment Criteria v1.0)

; [[:Category:OWASP_Web_2.0_Project|OWASP Web 2.0 Project]]
: a place for advanced research of security in the Web 2.0 world (Assessment Criteria v1.0)

; [[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
: this is web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)

; [[:Category:OWASP Webslayer Project|OWASP Webslayer Project]]
: a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (Assessment Criteria v1.0)

; [[:Category:OWASP Yasca Project|OWASP Yasca Project]]
: Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools. (Assessment Criteria v1.0)

</td><td>

; [[:Category:OWASP ASDR Project | OWASP ASDR Project]]
: is a reference volume that contains basic information about all the foundational topics in application security (Assessment Criteria v1.0)

; [[:Category:OWASP AIR Security Project|OWASP AIR Security Project]]
: investigating the security of AIR applications (Assessment Criteria v1.0)

; [[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]]
: investigating the security of AJAX enabled applications (Assessment Criteria v1.0)

; [[:Category:OWASP Anti-Malware Project|OWASP Anti-Malware Project]]
: describing common flaws in security designs (Assessment Criteria v1.0)

; [[:Category:OWASP Application Security Requirements Project|OWASP Application Security Requirements]] (Assessment Criteria v1.0)

; [[:Category:OWASP Best Practices: Use of Web Application Firewalls|OWASP Best Practices: Use of Web Application Firewalls]]
: the document is aimed primarily at technical decision-makers, especially those responsible for operations and security (Assessment Criteria v1.0)

; [[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover & Sleeve Design]]
: this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve.
(Assessment Criteria v1.0)

; [[:Category:OWASP Boot Camp Project|OWASP Boot Camp Project]]
: this project was started to supply a brief information about the OWASP projects. (Assessment Criteria v1.0)

; [[:Category:OWASP Career Development Project|OWASP Career Development Project]]
: The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. (Assessment Criteria v1.0)

; [[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
(Assessment Criteria v1.0)

; [[:Category:OWASP Certification Project|OWASP Certification Project]]
: our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. (Assessment Criteria v1.0)

; [[:Category:OWASP Communications Project|OWASP Communications Project]]
(Assessment Criteria v1.0)

; [[:Category:OWASP Cloud ‐ 10 Project|OWASP Cloud ‐ 10 Project]]
: The goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. (Assessment Criteria v2.0)

; [[:Category:OWASP Content Validation using Java Annotations Project|OWASP Content Validation using Java Annotations Project]]
: We wish to explore the use of Java annotations for object validation, specifically for content validation. the result will be a framework which should be easy to use with an existing application. (Assessment Criteria v2.0)

; [[:Category:OWASP Flash Security Project|OWASP Flash Security Project]]
: investigating the security of Flash applications (Assessment Criteria v2.0)

; [[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Member Packs/Conference Attendee Packs]]
: this is a project of corporate design to develop an Individual/Member Pack. (Assessment Criteria v1.0)

; [[:Category:OWASP Java Project|OWASP Java Project]]
: a project focused on helping Java and J2EE developers build secure applications (Assessment Criteria v1.0)

; [[:Category:OWASP Logging Project|OWASP Logging Guide]]
: a project to define best practices for logging and log management (Assessment Criteria v1.0)

; [[:Category:OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]]
: a project to document and develop the ModSecurity Core Rule Set (Assessment Criteria v1.0)

; [[:Category:OWASP PCI Project|OWASP PCI Project]]
: a project to build and maintain community concensus for managing regulatory risk of web applications (Assessment Criteria v1.0)

; [[:Category:OWASP PHP Project|OWASP PHP Project]]
: a project focused on helping PHP developers build secure applications (Assessment Criteria v1.0)

; [[:Category:OWASP Positive Security Project | OWASP Positive Security Project]]
: a project to learn how companies are working to create a positive security approach on their own resources and use this knowledge to create a set of control, marketing and awareness tools that will be available to promote and construct a positive approach to security worldwide (Assessment Criteria v1.0)

; [[:Category:OWASP SASAP Project|OWASP Scholastic Application Security Assessment Project]]
: a project that is intended to be the first step towards integrating security requirements in academic course curriculum (Assessment Criteria v1.0)

; [[:Category:OWASP Security Analysis of Core J2EE Design Patterns Project|OWASP Security Analysis of Core J2EE Design Patterns Project]]
: a to be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks (Assessment Criteria v2.0)

; [[:Category:OWASP_Security_Spending_Benchmarks|OWASP Security Spending Benchmarks]]
: provides insight to reduce operational appsec costs (Assessment Criteria v1.0)

; [[:Category:Software Assurance Maturity Model|Software Assurance Maturity Model (SAMM)]]
: this project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that's tailored to the specific business risks facing the organization.

; [[:Category:OWASP Source Code Flaws Top 10 Project|OWASP Source Code Flaws Top 10 Project]]
: a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review (Assessment Criteria v1.0)

; [[:Category:OWASP Validation Project|OWASP Validation Project]]
: a project that provides guidance and tools related to validation (Assessment Criteria v1.0)

; [[:Category:OWASP WASS Project|OWASP WASS Guide]]
: a standards project to develop more concrete criteria for secure applications (Assessment Criteria v1.0)

; [[:Category:OWASP Web Application Scanner Specification Project|OWASP Web Application Scanner Specification Project]]
: there will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. (Assessment Criteria v1.0)

; [[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
: real-world web application security for Ruby on Rails, Apache and MySQL (Assessment Criteria v1.0)

; [[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]]
: a project to define evaluation criteria for XML Security Gateways (Assessment Criteria v1.0)

; [[:Category:OWASP on the Move Project|OWASP on The Move Project]]
: a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)

; [[:Category:OWASP Speakers Project|OWASP Speakers Project]]
: a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)

; [[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]]
: a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements. (Assessment Criteria v1.0)

</td></tr></table>

==== Inactive Projects ====
* Inactive projects are unrated projects (projects that have not reached any one of Alpha, Beta, or Release status) which may have been abandoned. Efforts are being made to contact project leads to determine status and plans for future work.
* Projects are listed below.
<table width="100%" valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>

; [[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]]
: a JavaScript based web application security testing suite

; [[:Category:OWASP Interceptor Project|OWASP Interceptor Project]]
: A testing tool for XML web service and Ajax interfaces.

</td><td>

; [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]
: establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment (Assessment Criteria v1.0)

; [[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]]
: identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security (Assessment Criteria v1.0)

; [[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]
: This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.

</td></tr></table>
__NOTOC__
<headertabs/>

{{PutInCategory}}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:40:28Z

Dag Hovland:

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag_Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009). Some documentation missing.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:39:28Z

Dag Hovland:

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag_Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009). Missing user pages and overview

| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:39:10Z

Dag Hovland: email into user page links

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [:User:Dag_Hovland|Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009). Missing user pages and overview

| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:37:34Z

Dag Hovland: question 4 and 5

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009). Missing user pages and overview

| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:36:40Z

Dag Hovland: gpl -> lgpl

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009)

| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net]

| 4. Is there working code?
= answer 4

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:36:08Z

Dag Hovland: /* Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release */

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Not yet (July 17 2009)

| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/gpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net]

| 4. Is there working code?
= answer 4

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T12:35:32Z

Dag Hovland: Answered three questions

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
Not yet (July 17 2009)

| 2. Is your tool licensed under an open source license?
Yes. Code under [http://www.gnu.org/licenses/gpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
Yes. [http://shipvalidator.sourceforge.net]

| 4. Is there working code?
= answer 4

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project

2009-07-17T12:27:18Z

Dag Hovland: Added overview to main tab

==== Main ====

= Overview =

We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

User:Dag Hovland

2009-07-17T12:21:06Z

Dag Hovland:

Dag Hovland is involved in the OWASP Project [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project|Content Validation using Java Annotations]].

'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

'''''Web-site:''''' [http://www.ii.uib.no/~dagh www.ii.uib.no/~dagh]

User:Dag Hovland

2009-07-17T12:20:29Z

Dag Hovland:

Dag Hovland is involved in [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project]]

'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

'''''Web-site:''''' [http://www.ii.uib.no/~dagh www.ii.uib.no/~dagh]

User:Dag Hovland

2009-07-17T12:19:43Z

Dag Hovland:

Dag Hovland is involved in [[Category:OWASP_Content_Validation_using_Java_Annotations_Project]]
'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

'''''Web-site:''''' [http://www.ii.uib.no/~dagh www.ii.uib.no/~dagh]

User:Dag Hovland

2009-07-17T12:19:30Z

Dag Hovland:

Dag Hovland is involved in [Category:OWASP_Content_Validation_using_Java_Annotations_Project]
'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

'''''Web-site:''''' [http://www.ii.uib.no/~dagh www.ii.uib.no/~dagh]

User:Dag Hovland

2009-07-17T12:16:20Z

Dag Hovland:

'''''CV:'''''
<ul>
<li> PhD student at University of Bergen, Dept. of Informatics, 2007-present
<li> MD Computer Science, University of Bergen, 2006
</ul>

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

User:Dag Hovland

2009-07-17T12:15:54Z

Dag Hovland:

'''''CV:'''''
# PhD student at University of Bergen, Dept. of Informatics, 2007-present
# MD Computer Science, University of Bergen, 2006

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:''''' Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

User:Dag Hovland

2009-07-17T12:15:27Z

Dag Hovland: Added contact details

'''''CV:''''' PhD student at University of Bergen, Dept. of Informatics, 2007-present
MD Computer Science, University of Bergen, 2006

'''''Email''''': [mailto:dag.hovland@uib.no dag.hovland@uib.no]

'''''Phone:''''' +47 970 46 378

'''''Work Address:'''''Institutt for informatikk, Universitetet i Bergen, PB. 7803, N-5020 Bergen, Norway

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-07-17T12:08:47Z

Dag Hovland: Added flyer

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:''''' Additions:1. More javadoc. 2. Renamed some classes 3. Fixed a bug in MetaConstraints 4. Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal] 

'''''Release Contributor(s):'''''

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Template:OWASP Content Validation using Java Annotations Project - A

2009-07-17T11:57:56Z

Dag Hovland: Added validatorflyer.pdf

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal] 

'''''Project Maintainer:'''''  

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [mailto:dag.hovland@uib.no Dag Hovland] to contribute to this project,
* Contact [mailto:dag.hovland@uib.no Dag Hovland] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-07-17T11:44:00Z

Dag Hovland:

'''''Motivation:'''''

For this release we wished to add more javadoc, refactor the code to be more readable and add more diagrams to explain the code.

'''''Usage:'''''

#Add the SHIPValidator.jar to your classpath
#Test whether it works by using the following command: <code>java no.uib.ii.ship.validation.test.Webform</code>
#Add the code below to your application to use the validator. Note that the Validator can be reused.

<code>IValidatorFactory vf = new ValidatorFactory(); //Instantiate a validator factory</code>
<code>Validator val = vf.getValidator(); // Create a validator</code>
<code>ValidationSummary vs = val.validate(w); // validate the annotated object w </code>
<code>System.out.println(vs.toString());</code>

'''''Documentation:'''''

In the folder tex is an article describing the framework which can be used as a first draft of the manual.

'''''Bug in MetaConstraints:'''''

In the work we discovered and fixed a bug in MetaConstraints. This bug was also in the previous two releases, but has been fixed in the downloadable packages.

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-07-17T11:39:55Z

Dag Hovland:

'''''Motivation:'''''

For this release we wished to add more javadoc, refactor the code to be more readable and add more diagrams to explain the code.

'''''Usage:'''''

#Add the SHIPValidator.jar to your classpath
#Test whether it works by using the following command: <code>java no.uib.ii.ship.validation.test.Webform</code>
#Add the code below to your application to use the validator. Note that the Validator can be reused.

{| width="500" cellspacing="1" cellpadding="1" border="0"
|-
| <code>IValidatorFactory vf = new ValidatorFactory(); //Instantiate a validator factory Validator val = vf.getValidator(); // Create a validator ValidationSummary vs = val.validate(w); // validate the annotated object w System.out.println(vs.toString());</code>
|}

'''''Documentation:'''''

In the folder tex is an article describing the framework which can be used as a first draft of the manual.

'''''Bug in MetaConstraints:'''''

In the work we discovered and fixed a bug in MetaConstraints. This bug was also in the previous two releases, but has been fixed in the downloadable packages.

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-07-17T11:28:22Z

Dag Hovland: Preliminary roadmap

For this release we wished to add more javadoc, refactor the code to be more readable and add more diagrams to explain the code. In the work we discovered and fixed a bug in MetaConstraints. This bug was also in the previous two releases, but has been removed.

--------------------------------------------
Usage
--------------------------------------------

1) Add the SHIPValidator.jar to your classpath
2) Test whether it works by using the following command:
java no.uib.ii.ship.validation.test.Webform

3) Add the following code to your application to use the validator:

IValidatorFactory vf = new ValidatorFactory(); //Instantiate a validator factory
Validator val = vf.getValidator(); // Create a validator
ValidationSummary vs = val.validate(w); // validate the annotated object w
System.out.println(vs.toString()); // See the outcome of the test
(notice that "val" can be reused without having to instantiate a new validator)

In the folder tex is possible to find the article describing the framework which can be used as a first draft of the manual.

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-07-17T11:24:23Z

Dag Hovland: Copied from assessment of release 0.2

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====
'''''[mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= answer 1

| 2. Is your tool licensed under an open source license?
= answer 2

| 3. Is the source code and any documentation available in an online project repository?
= answer 3

| 4. Is there working code?
= answer 4

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= answer 5

| 6. Are the Alpha pre-assessment items complete?
= answer 6

| 7. Is there an installer or stand-alone executable?
= answer 7

| 8. Is there user documentation on the OWASP project wiki page?
= answer 8

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= answer 14

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====
'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' 
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====
'''''[[User:name|Second Reviewer]]'s Review:''''' 
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-07-17T11:16:27Z

Dag Hovland: Copyed from release 0.2. New Main features and release name

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:''''' Additions:1. More javadoc. 2. Renamed some classes 3. Fixed a bug in MetaConstraints 4. Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal] 

'''''Release Contributor(s):'''''

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' Add pdf

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Template:OWASP Content Validation using Java Annotations Project - B

2009-07-17T11:13:54Z

Dag Hovland: Changed main links of release 0.2 and 0.3

{| width="100%" border="0" align="left"
! style="background:#cccccc;" | <big>current release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.3 Release''' - ''July 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Leader:''''' [mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal] 

'''''Release details:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release|Main links, release roadmap and assessment]]

'''''Rating:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed]]
''To be reviewed under [[Assessment Criteria v2.0]]''
|-
! width="50%" style="background:#cccccc;" | <big>last reviewed release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''None as yet'''
|-
! style="background:#cccccc;" | <big>other releases</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.1 Release''' - ''May 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''SHIP Validator 0.2 Release''' - ''June 2009'' - [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release|Main links, release roadmap and assessment]]
|}

Template:OWASP Content Validation using Java Annotations Project - B

2009-07-17T11:04:47Z

Dag Hovland: Added new 0.3 release

{| width="100%" border="0" align="left"
! style="background:#cccccc;" | <big>current release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.3 Release''' - ''June 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Leader:''''' [mailto:federico.mancini@uib.no Federico Mancini], [mailto:dag.hovland@uib.no Dag Hovland], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal] 

'''''Release details:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release|Main links, release roadmap and assessment]]

'''''Rating:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Assessment|Not reviewed]]
''To be reviewed under [[Assessment Criteria v2.0]]''
|-
! width="50%" style="background:#cccccc;" | <big>last reviewed release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''None as yet'''
|-
! style="background:#cccccc;" | <big>other releases</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.1 Release''' - ''May 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''SHIP Validator 0.2 Release''' - ''June 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]
|}

User:Dag Hovland

2009-06-24T12:41:45Z

Dag Hovland: New page: PhD student at University of Bergen, Dept. of Informatics, 2007-present MD Computer Science, University of Bergen, 2006

PhD student at University of Bergen, Dept. of Informatics, 2007-present
MD Computer Science, University of Bergen, 2006