This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP O2 Platform/Sub-Projects/OSSAD"
(Add tasks completed for Jan 02 plus new tasks for future) |
(→Project Details) |
||
| Line 22: | Line 22: | ||
The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow. | The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow. | ||
| − | '''Schedule | + | '''Schedule''' |
| − | Nov 23: | + | Nov 23, 2009: |
* Fix up this page | * Fix up this page | ||
* Do a first pass clean up of the source code | * Do a first pass clean up of the source code | ||
* Organize the source code structure | * Organize the source code structure | ||
| − | |||
| − | |||
| − | Jan 02: | + | Jan 02, 2010: |
* Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/ | * Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/ | ||
* Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen) | * Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen) | ||
Revision as of 20:00, 3 January 2010
OSSAD stands for One Security Static Analyzer per Developer
Documentation
- https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
- https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
- https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
- https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf
Project Details
What is OSSAD?
OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.
Please read the project documentation, which details:
- Motivation
- Strategy
- Architecture
- Current progress
- What a contributor can do to help
The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.
Schedule
Nov 23, 2009:
- Fix up this page
- Do a first pass clean up of the source code
- Organize the source code structure
Jan 02, 2010:
- Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
- Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
- Write ScrGraph module
- Did more Java grammar control flow statements
Near future:
- Finish up the Java grammar control flow statements
- Start JSP implementation for The Prototype
Less near future:
- Finish JSP implementation for The Prototype
- Start security rules format and Analysis Engine
Contact
Any comments/suggestions/questions are welcome: [email protected]
Thank you.
Copyright
The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.
"I assign the copyright of the OSSAD static analysis tool to OWASP and I will release its code under Apache 2.0 (Open Source license) and the documents under Creative Commons 3.0 License."
Stephen Craig Evans - November 15, 2009
go back to the main OWASP O2 Platform page
