This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

SpoC 007 - Orizon Project - Progress Page

Jump to: navigation, search


15th February 2008 - New version of OWASP ORIZON FRAMEWORK TOOL with the source code crawling APIs available for Java and CSharp.

3rd November 2007 - Orizon version 0.50 is the final deliverable for Spoc 2007. I did not reach all the goals I draw for my self back when Spoc started. After all, I'm really happy seeing the final project status. If I had more support from community may be things would go in a better way... however.

15th October 2007 - Official roadmap is located here. Please refer to this page for project milestones. I deleted support for C language to milestones because more effort I'm spending to make dawn quite usable. I think having dawn 50% working is more valuable than having partial C language support.

11st October 2007 - Dawn engine is now operative. It creates helper applications from Java methods, it compiles them, it runs them and collecting their output it scans it for XSS attack pattern to appear. Further improvement will follow asap :)

22nd August 2007 - Orizon release 0.40 is available at sourceforge site. This is an important milestone in the development process. Safe coding recipes APIs are working and the class handling source code being reviewed is now capable of applying a check over the source code xml representation. In fact, static code review is possible by now.

13th July 2007 - The project status as Spoc 2007 start is summarized in the following:

  • java sources are translated into XML using JDK6 APIs;
  • Orizon classes are in a refactoring stage in order to reflect a better approach in design phase;
  • library containing checks is now a Zip file instead of a plain XML file. The library file will contain "receipts", XML files containing security checks grouped by category.

What is missing by now is some checks. I'm looking the web in order to collect "coding best practices" and trying to formalize them in XML.

Next actions

Id Description Priority Blocking?
OR-1 Collecting safe coding best practices High No
OR-2 Creating APIs for XML reports Low No
OR-3 Creating code to handle dynamic test cases generation Medium No

SpoC 2007 Goals

Goal Completeness (%)
Static analysis complete
Dynamic analysis - codename: dawn 50%
Creating a library with 30 checks included 66,67% (20 tests out of 30)
Capability to export results in XML with customizable CSS 10%