This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP CAL9000 Project Roadmap"
From OWASP
(→Wish List) |
(→Version History) |
||
| Line 10: | Line 10: | ||
== Version History == | == Version History == | ||
| + | |||
| + | Nov 15, 2006 - v2.0: | ||
| + | * XSS Attacks Page: | ||
| + | ** Filter attacks by browser support | ||
| + | ** Create/edit/save/delete your own attacks | ||
| + | ** Display user-defined attacks in print-ready list | ||
| + | ** Expanded Regex functionality - Added show/replace/split on matches | ||
| + | * Encoder/Decoder: | ||
| + | ** Added types md4 and sha1 (encode only) | ||
| + | ** Define Base64 special characters and padding character | ||
| + | * HTTP Requests: | ||
| + | ** Added (almost) total control of request components | ||
| + | ** Quickly add request headers (single, by browser, by method) | ||
| + | ** Split/concatenate request parameters and get character count | ||
| + | ** Added AutoAttack feature (send multiple requests at once) | ||
| + | ** Quick encode request components (Url, hex, Unicode, Base64, md5) | ||
| + | ** Requests/responses saved to History file | ||
| + | ** Added History list navigation and functions (delete, print-ready) | ||
| + | * HTTP Responses: | ||
| + | ** Displays target Url, response status codes, headers and body | ||
| + | ** Split out scripts, forms and cookies | ||
| + | ** Display request body in new window as it would appear in browser | ||
| + | ** Added History list navigation and functions (delete, print-ready) | ||
| + | * String Generator: | ||
| + | ** Define character used for string generation | ||
| + | * Testing Checklist: | ||
| + | ** Old testing checklist included as testing tips | ||
| + | ** Added true testing checklist - Create/edit/save/delete checklist items | ||
| + | * AutoAttack List Editor: | ||
| + | ** Create/edit/save/delete attack lists and items | ||
| + | ** Display attack lists in print-ready format | ||
| + | ** Quick encode checklist items (Url, hex, Unicode, Base64, md5) | ||
July 30, 2006 - v1.1: | July 30, 2006 - v1.1: | ||
| Line 27: | Line 59: | ||
* Minor Bugfixes w/ Save State processing | * Minor Bugfixes w/ Save State processing | ||
| − | May 18, 2006 - v1.0. | + | May 18, 2006 - v1.0. |
| − | |||
== Wish List == | == Wish List == | ||
Revision as of 03:40, 15 November 2006
The project's overall goal is to...
Provide a centralized framework for the organization and use of a variety of tools that can assist web application security testers with their manual testing efforts.
In the near term, we are focused on the following tactical goals...
- Implementing major upgrade to the HTTP Requests function.
Version History
Nov 15, 2006 - v2.0:
- XSS Attacks Page:
- Filter attacks by browser support
- Create/edit/save/delete your own attacks
- Display user-defined attacks in print-ready list
- Expanded Regex functionality - Added show/replace/split on matches
- Encoder/Decoder:
- Added types md4 and sha1 (encode only)
- Define Base64 special characters and padding character
- HTTP Requests:
- Added (almost) total control of request components
- Quickly add request headers (single, by browser, by method)
- Split/concatenate request parameters and get character count
- Added AutoAttack feature (send multiple requests at once)
- Quick encode request components (Url, hex, Unicode, Base64, md5)
- Requests/responses saved to History file
- Added History list navigation and functions (delete, print-ready)
- HTTP Responses:
- Displays target Url, response status codes, headers and body
- Split out scripts, forms and cookies
- Display request body in new window as it would appear in browser
- Added History list navigation and functions (delete, print-ready)
- String Generator:
- Define character used for string generation
- Testing Checklist:
- Old testing checklist included as testing tips
- Added true testing checklist - Create/edit/save/delete checklist items
- AutoAttack List Editor:
- Create/edit/save/delete attack lists and items
- Display attack lists in print-ready format
- Quick encode checklist items (Url, hex, Unicode, Base64, md5)
July 30, 2006 - v1.1:
- Focus of this Release: Upgrade Encode/Decode function.
- Added Uppercase check box
- Added Trailing Character text field
- Added Delimiter text field
- Added Include Unselected Text check box
- Added Wrappers
- Added several Encoding/Decoding types
- Added ability to Encode/Decode selected text only
- Added Store/Restore functionality
- Added Selected Text processing
- Added Error/Informational Message functionality
- String Generator can handle larger string sizes
- Minor Bugfixes w/ URL Encoding
- Minor Bugfixes w/ Save State processing
May 18, 2006 - v1.0.
Wish List
- What features would you like to see added?
