OWASP - User contributions [en]

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator - 0.3 Release

2011-02-07T08:55:28Z

Federico Mancini:

{{ Template:Detailed Release Information

| Release Name and Version
= SHIP Validator 0.3 Release

| Release Date
= July 2009

| Release Download Link
= [http://sourceforge.net/projects/shipvalidator/ download]

| Main Features
= 1. More javadoc, 2. Improved class names, 3. Fixed a bug in the class MetaConstraints, 4. Added diagrams to tex/tecrep/fig

| Release Leader - Wiki Account
= [[:User:Dag_Hovland|Dag Hovland]]

| Release Contributor(s)
= [[:User:Federico_Mancini|Federico Mancini]], [[:user:Khalid_Azim_Mughal|Khalid Azim Mughal]]

| Release Reviewer(s)
= [[:user:Dinis.cruz|Dinis Cruz]], [[:user:Mtesauro|Matt Tesauro]]

| Release Mentor(s)
= if any

| Release Sponsor(s)
=

| Release Flyer/Pamphlet
= [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf See here]

| Release Notes
= [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|See here]]

| Release Main Links
= [http://sourceforge.net/projects/shipvalidator/ Download], [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf Documentation]

| Release Assessment
= [[Image:Yellow button.JPG|25px]] [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Assessment|Not reviewed/Targeted at Stable Release]]

| Assessment Criteria Version
= [[:Assessing Project Health|Assessment Criteria v2.0]]

}}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator - 0.3 Release

2011-02-07T08:54:56Z

Federico Mancini:

{{ Template:Detailed Release Information

| Release Name and Version
= SHIP Validator 0.3 Release

| Release Date
= July 2009

| Release Download Link
= [http://sourceforge.net/projects/shipvalidator/ download]

| Main Features
= 1. More javadoc, 2. Improved class names, 3. Fixed a bug in the class MetaConstraints, 4. Added diagrams to tex/tecrep/fig

| Release Leader - Wiki Account
= [[:User:Dag_Hovland|Dag Hovland]]

| Release Contributor(s)
= [[:User:Federico_Mancini|Federico Mancini]], [[:user:Khalid_Azim_Mughal|Khalid Azim Mughal]]

| Release Reviewer(s)
= [[:user:Dinis.cruz|Dinis Cruz]], [[:user:Mtesauro|Matt Tesauro]]

| Release Mentor(s)
= if any

| Release Sponsor(s)
=

| Release Flyer/Pamphlet
= [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf See here]

| Release Notes
= [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|See here]]

| Release Main Links
= [http://sourceforge.net/projects/shipvalidator/ Download], [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf]

| Release Assessment
= [[Image:Yellow button.JPG|25px]] [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Assessment|Not reviewed/Targeted at Stable Release]]

| Assessment Criteria Version
= [[:Assessing Project Health|Assessment Criteria v2.0]]

}}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-09-21T12:57:29Z

Federico Mancini: /* Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release */

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= No, it is a .jar file (library) to be used in conjunction with J2EE. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= Yes

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= Yes, in the readme file that comes with the code.

| 11. Is the tool documentation stored in the same repository as the source code?
= Only a preliminary version, the full version is at [http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009 link].

| 12. Are the Alpha and Beta pre-assessment items complete?
= Yes

| 13. Does the tool include documentation built into the tool?
= Yes, Java doc.

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= Yes. [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracking tool]

| 16. Have any existing limitations of the tool been documented?
= Yes, partly in a [http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009 technical report], and more extensively in a on-going article.
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-09-21T12:55:11Z

Federico Mancini: /* Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release */

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= No, it is a .jar file (library) to be used in conjunction with J2EE. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= Yes

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= Yes, in the readme file that comes with the code.

| 11. Is the tool documentation stored in the same repository as the source code?
= Only a preliminary version, the full version is at [http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009 link].

| 12. Are the Alpha and Beta pre-assessment items complete?
= Yes

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= Yes. [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracking tool]

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-09-21T12:53:13Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:'''''
# More javadoc
# Improved class names
# Fixed a bug in the class MetaConstraints
# Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]],[http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)] [http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009 DOCUMENTATION]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Template:OWASP Content Validation using Java Annotations Project - A

2009-09-21T12:51:43Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Project Maintainer:'''''  [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]] 

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net, http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [[User:Dag_Hovland|Dag Hovland]] to contribute to this project,
* Contact [[User:Dag_Hovland|Dag Hovland]] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Category:OWASP Content Validation using Java Annotations Project - Roadmap

2009-09-21T12:49:31Z

Federico Mancini: /* Road Map and Milestones */

= Road Map and Milestones =
* Continuous code review and refactoring of the code base.
* Extend the library of tests and annotations.
* Improve support for composing annotations and for cross-tests.
* Improve support for querying the validation results.
* Plan for frequent new releases of the framework
* Make contact with other groups working on validation with annotations.

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Roadmap

2009-09-21T12:48:19Z

Federico Mancini:

The main goal in this release was to implement the support to create cross-annotations by combining test-annotations.
It was a natural thing to do since the beginning, but some technical problems arose during the implementation.
In this release we propose one of the ways in which this feature can be made available in the current architecture,
however we are still looking for a more satisfactory solution.

Besides also a significant refactoring of the code has been performed, among which the adoption of
the strategy and composition pattern.

Category:OWASP Content Validation using Java Annotations Project

2009-09-21T12:46:34Z

Federico Mancini: /* Main Links */

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]
while a full technical report can be downloaded here [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuously improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation
* Implement a better summary for the validation results, that can contain custom error messages and that is easy to query by the user

= Main Links =

Full technical report [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf TECHNICAL DOCUMENTATION]

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]

Bug Tracker : [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracker]
==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Category:OWASP Content Validation using Java Annotations Project

2009-09-21T12:45:34Z

Federico Mancini: /* Overview */

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]
while a full technical report can be downloaded here [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuously improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation
* Implement a better summary for the validation results, that can contain custom error messages and that is easy to query by the user

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]

Bug Tracker : [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracker]
==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release

2009-08-14T12:23:24Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.2 Release - ''June 2009''

'''''Main Features:'''''
# Support for composing Test-Annotations into Cross-Annotations
# Refactoring of the code by usage of the composite and strategy patterns.

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' Add pdf

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-08-14T12:21:08Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:'''''
# More javadoc
# Improved class names
# Fixed a bug in the class MetaConstraints
# Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]],[http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Template:OWASP Content Validation using Java Annotations Project - B

2009-08-14T12:20:49Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#cccccc;" | <big>current release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.3 Release''' - ''July 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Release details:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release|Main links, release roadmap and assessment]]

'''''Rating:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed]]
''To be reviewed under [[Assessment Criteria v2.0]]''
|-
! width="50%" style="background:#cccccc;" | <big>last reviewed release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''None as yet'''
|-
! style="background:#cccccc;" | <big>other releases</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.1 Release''' - ''May 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''SHIP Validator 0.2 Release''' - ''June 2009'' - [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release|Main links, release roadmap and assessment]]
|}

Template:OWASP Content Validation using Java Annotations Project - A

2009-08-14T12:19:55Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [http://www.owasp.org/index.php/User:Khalid_Azim_Mughal Khalid Azim Mughal] 

'''''Project Maintainer:'''''  

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [[User:Dag_Hovland|Dag Hovland]] to contribute to this project,
* Contact [[User:Dag_Hovland|Dag Hovland]] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Template:OWASP Content Validation using Java Annotations Project - A

2009-08-14T12:19:05Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#7b8abd;" | <big>'''what'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this project?''
|-
| colspan="2" | '''OWASP Content Validation using Java Annotations Project'''

''''' Purpose: '''''We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.
We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

|-
! style="background:#7b8abd;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this project?''

|-
| colspan="2" | '''''Project Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], c 

'''''Project Maintainer:'''''  

'''''Project Contributor(s):'''''  

|-
! style="background:#7b8abd;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''

|-
| colspan="2" | '''''Project Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validatorflyer.pdf validatorflyer.pdf]

'''''Mail list:''''' [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project Subscribe or read the archives]

'''''Project Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - Roadmap|To view, click here]]

'''''Project main links:''''' : http://shipvalidator.sourceforge.net

'''''Project Health:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - Health Assessment|Not reviewed]] 
''To be reviewed under [[:Assessing Project Health|Assessment Criteria v2.0]]''

|-
| colspan="2" |

|-
! style="background:#ccccff;" |'''Key Contacts'''
! style="background:#ffffff;" align="left" |
|-
| colspan="2" |
* Contact [[User:Dag_Hovland|Dag Hovland]] to contribute to this project,
* Contact [[User:Dag_Hovland|Dag Hovland]] or [[:Category:Global Projects Committee|GPC]] to review or sponsor this project,
* Contact [[:Category:Global Projects Committee|GPC]] to report a problem or concern about this project or to update information.
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-08-11T09:25:46Z

Federico Mancini:

To get to a first stable release there are still a few things that need to be completed:

* A full documentation of the framework architecture and a user manual.
* A bug tracking system
* An implementation of a summary that can contain custom error messages and that is easy to query. The idea is to generate the summary in XML and use the standard XML tools to query it.
* More standard annotations

Category:OWASP Content Validation using Java Annotations Project

2009-08-11T09:22:46Z

Federico Mancini:

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuously improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation
* Implement a better summary for the validation results, that can contain custom error messages and that is easy to query by the user

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]

Bug Tracker : [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracker]
==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-08-10T13:04:36Z

Federico Mancini:

To get to a first stable release two things still need to be completed:

- A full documentation of the framework architecture and a user manual.
- A bug tracking system

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T12:56:16Z

Federico Mancini:

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= No, it is a .jar file (library) to be used in conjunction with J2EE. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= Yes

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= Yes, in the readme file that comes with the code.

| 11. Is the tool documentation stored in the same repository as the source code?
= Yes, but a more comprehensive technical report will soon be available from a separate source.

| 12. Are the Alpha and Beta pre-assessment items complete?
= Yes

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment

2009-08-10T12:48:27Z

Federico Mancini:

== Stable Release Review of the OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release ==

==== Project Leader for this Release ====

'''''[mailto:federico.mancini@uib.no Federico Mancini], [[:User:Dag Hovland|Dag Hovland]], [mailto:Khalid.Mughal@uib.no Khalid Azim Mughal]'s Pre-Assessment Checklist:'''''

{{:Template:Pre-Assessment Questions - Tools

| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
= Yes.
| 2. Is your tool licensed under an open source license?
= Yes. Code under [http://www.gnu.org/licenses/lgpl-3.0.html LGPLv3]

| 3. Is the source code and any documentation available in an online project repository?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 4. Is there working code?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?
= Yes. [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project_-_SHIP_Validator_0.3_Release_-_Roadmap|Roadmap]]

| 6. Are the Alpha pre-assessment items complete?
= Yes

| 7. Is there an installer or stand-alone executable?
= Yes. [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net]

| 8. Is there user documentation on the OWASP project wiki page?
= Yes

| 9. Is there an "About box" or similar help item which lists the following?
= answer 9

| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
= answer 10

| 11. Is the tool documentation stored in the same repository as the source code?
= answer 11

| 12. Are the Alpha and Beta pre-assessment items complete?
= answer 12

| 13. Does the tool include documentation built into the tool?
= answer 13

| 14. Does the tool include build scripts to automate builds?
= Yes. An ant build-file (build.xml) is included in the jar avilable from [http://shipvalidator.sourceforge.net shipvalidator.sourceforge.net].

| 15. Is there a publicly accessible bug tracking system?
= answer 15

| 16. Have any existing limitations of the tool been documented?
= answer 16
}}

==== First Reviewer ====

'''''[mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]'s Review:''''' Ideally, reviewers should be an existing OWASP project leader or chapter leader.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

==== Second Reviewer ====

'''''[[User:Name|Second Reviewer]]'s Review:''''' It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

{{ Assessment Questions - Tools

| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.

| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
= (answer #2)

|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
= (answer #3)

| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
= (answer #4)

| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
= (answer #5)

| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
= (answer #6)

| 7. Does the tool substantially address the application security issues it was created to solve?
= (answer #7)

| 8. Is the tool reasonably easy to use?
= (answer #8)

| 9. Does the documentation meet the needs of the tool users and is easily found?
= (answer #9)

| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
= (answer #10)

| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
= (answer #11)

| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
= (answer #12)

| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
= (answer #13)

| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
= (answer #14)

}}

__NOTOC__ <headertabs />

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Roadmap

2009-08-04T11:14:32Z

Federico Mancini:

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap

2009-08-04T11:11:29Z

Federico Mancini:

This release was meant mostly as a refined version of the 0.2 release.
The main work has been done on the documentation, both javadoc and technical diagrams of the framework architecture.

'''''Bug in MetaConstraints:'''''

In the work we discovered and fixed a bug in MetaConstraints. This bug was also in the previous two releases, but has been fixed in the downloadable packages.

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-08-04T11:09:11Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:'''''
# More javadoc
# Improved class names
# Fixed a bug in the class MetaConstraints
# Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-08-04T11:08:54Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:'''''
* More javadoc
* Improved class names
* Fixed a bug in the class MetaConstraints
* Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release

2009-08-04T11:05:38Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.2 Release - ''June 2009''

'''''Main Features:'''''
# Support for composing Test-Annotations into Cross-Annotations
# Refactoring of the code by usage of the composite and strategy patterns.

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' Add pdf

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-08-04T11:02:56Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:'''''
* Support to compose property-annotations into cross-annotations
* More javadoc
* Improved class names
* Fixed a bug in the class MetaConstraints
* Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release

2009-08-04T09:57:43Z

Federico Mancini:

''What does this OWASP project release offer you''

{| width="100%" border="0" align="left"
|-
! style="background:#cccccc;" |<big>what</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is this release?''
|-
| colspan="2" | 
''''' Release Name and Version:''''' SHIP Validator 0.3 Release - ''July 2009''

'''''Main Features:''''' Additions:1. More javadoc. 2. Renamed some classes 3. Fixed a bug in MetaConstraints 4. Added diagrams to tex/tecrep/fig

''''' Release License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/gpl-3.0.html GPL v3 for code]
|-
! style="background:#cccccc;" | <big>'''who'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''is working on this release?''
|-
| colspan="2" | '''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Contributor(s):''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release Reviewer(s):''''' [mailto:jan-hendrik.kuperus@sogeti.nl Jan Hendrik Kuperus]

'''''Release Mentor(s):''''' None

'''''Release Sponsor(s):''''' None
|-
! style="background:#cccccc;" | <big>'''how'''</big>
! style="background:#ffffff;" align="left" colspan="1" | ''can you learn more?''
|-
| colspan="2" | '''''Release Flyer/Pamphlet:''''' [http://www.ii.uib.no/~dagh/validator0.3flyer.pdf validator0.3flyer.pdf]

'''''Release Roadmap:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Roadmap|Click here to view]]

'''''Release Main Links:''''' [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Assessment:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed/Targeted at Stable Release]] 
''Release reviewed under [[Assessment Criteria v2.0]]''
|}

Template:OWASP Content Validation using Java Annotations Project - B

2009-08-04T09:54:26Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#cccccc;" | <big>current release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.3 Release''' - ''July 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Leader:''''' [[User:Federico_Mancini|Federico Mancini]], [[User:Dag_Hovland|Dag Hovland]], [[User:Khalid_Mughal|Khalid Mughal]] 

'''''Release details:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release|Main links, release roadmap and assessment]]

'''''Rating:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed]]
''To be reviewed under [[Assessment Criteria v2.0]]''
|-
! width="50%" style="background:#cccccc;" | <big>last reviewed release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''None as yet'''
|-
! style="background:#cccccc;" | <big>other releases</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.1 Release''' - ''May 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''SHIP Validator 0.2 Release''' - ''June 2009'' - [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release|Main links, release roadmap and assessment]]
|}

User:Federico Mancini

2009-08-04T09:51:33Z

Federico Mancini:

Federico Mancini has been working in the Programming Theory group at the University of Bergen as researcher in the SHIP project [http://www.uib.no/fg/put/prosjekter/ship] since 2008.
He is currently investigating the use of Java annotations for input validation purpouses.
Federico Mancini has an engineering degree in Informatics from La Terza Universita di Roma and a PhD in Algorithms from the University of Bergen.

* OWASP project I am involved in:''''' [[:Category:OWASP_Content_Validation_using_Java_Annotations_Project|Content Validation using Java Annotations]]
* Web-site:''''' [http://www.ii.uib.no/~federico www.ii.uib.no/~federico]
* Email:''''' [mailto:fma042@uib.no fma042@uib.no]
* To see my wiki contributions, ''''' [[:Special:Contributions/Federico_Mancini|click here]]

Template:OWASP Content Validation using Java Annotations Project - B

2009-08-04T09:45:11Z

Federico Mancini:

{| width="100%" border="0" align="left"
! style="background:#cccccc;" | <big>current release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.3 Release''' - ''July 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''''Release Leader:''''' [User:Federico_Mancini], [User:Dag_Hovland], [User:Khalid_Mughal] 

'''''Release details:''''' [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release|Main links, release roadmap and assessment]]

'''''Rating:''''' [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.3 Release - Assessment|Not reviewed]]
''To be reviewed under [[Assessment Criteria v2.0]]''
|-
! width="50%" style="background:#cccccc;" | <big>last reviewed release</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''None as yet'''
|-
! style="background:#cccccc;" | <big>other releases</big>
! style="background:#ffffff;" align="left" colspan="1" |
|-
| colspan="2" | '''SHIP Validator 0.1 Release''' - ''May 2009'' - [http://sourceforge.net/projects/shipvalidator/ (download)]

'''SHIP Validator 0.2 Release''' - ''June 2009'' - [[:Category:OWASP Content Validation using Java Annotations Project - SHIP Validator 0.2 Release|Main links, release roadmap and assessment]]
|}

Category:OWASP Content Validation using Java Annotations Project

2009-08-04T09:39:05Z

Federico Mancini:

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuosly improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation
* Improve both the documentation

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

''''' Releases' License:''''' [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation 1.2 for documents] & [http://www.gnu.org/licenses/lgpl.html LGPL v3 for code]

Category:OWASP Content Validation using Java Annotations Project

2009-08-04T09:33:08Z

Federico Mancini: First complete draft of project overview

==== Main ====

= Overview =

The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
where the main goal is to provide a clear separation between
validation and application logic.
This separation was achieved by using an XML configuration file
defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether
the need for an XML external file could be eliminated by using annotations
to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented,
the focus of the project shifted to investigate how far annotations can be pushed
for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:
* Easy integration in any esisting Java projects
* High reusability of existing validation tests
* Possibility of creating new custom annotations with little effort

A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]

= Project Goals =

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
help integrate this aspect of security into both new and existing applications.

Th current goals are:
* Continuosly improving the framework with frequent releases
* Extend the library of predefined annotations
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
* Investigate further uses of annotations for input validation

= Main Links =

Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]

==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

Category:OWASP Content Validation using Java Annotations Project

2009-08-04T08:32:57Z

Federico Mancini:

==== Main ====

= Overview =

We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

= Project Goals =

= Main Links =

==== Project Identification ====
{{Template:OWASP Content Validation using Java Annotations Project}}

[[Category:OWASP Project|Content Validation using Java Annotations Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Alpha Quality Tool]]
[[Category:OWASP Content Validation using Java Annotations Project]]

__NOTOC__
<headertabs/>

User:Federico Mancini

2009-08-04T08:08:31Z

Federico Mancini:

User:Federico Mancini

2009-08-04T08:07:46Z

Federico Mancini:

User:Federico Mancini

2009-08-04T08:07:30Z

Federico Mancini:

Federico Mancini has ben working in the Programming Theory group at the University of Bergen as researcher in the SHIP project [http://www.uib.no/fg/put/prosjekter/ship] since 2008.
He is currently investigating the use of Java annotation sfor input validation purpouses.
Federico Mancini has a engineering degree in Informatics from La Terza Universita di Roma and a PhD in Algorithms from the University of Bergen.

* To see my wiki contributions, [[:Special:Contributions/Federico_Mancini|click here]].
* [mailto:fma042@guib.no Email address].

User:Federico Mancini

2009-08-04T08:06:41Z

Federico Mancini:

User:Federico Mancini

2009-08-04T07:59:06Z

Federico Mancini: Federico Mancini's short presentation

Federico Mancini has ben working in the Programming Theory group at the University of Bergen as a researcher in the SHIP project (Secure Heterogeneous Information Presentation)[http://www.uib.no/fg/put/prosjekter/ship] since 2008.
He is currently investigating the use of Java annotation for input validation purpouses.
Federico Mancini has a engineering degree in Informatics from La Terza Universita di Roma and a PhD in Algorithms from the University of Bergen.