
Difference between revisions of "Category:OWASP Orizon Project"

(News)
 
(85 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== Overview ==
+
=Main=
 +
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]
 +
| align="right" |
  
The quest for secure code is what all developers want (I hope so) to achieve. Software must be reliable. Software must be strong. Software must be '''secure'''.
+
|}
  
How much my software has to be ''secure''? The correct answer is hard to find. But security is a problem that even a development team must take care for.
+
==OWASP Orizon Project==
Must be a skilled developer also a security guru? Don't know, not necessarly. But it's important that someone give him the tools to merge security know how to his development skills, and so our quest for secure code starts...
 
  
Orizon borns with the aim to provide a common ground to safe coding and code review methodologies applied to software. By now Orizon is still a bunch of ideas and few lines of code. In a year I hope Orizon will be the common engine in which security code review related tools are built upon
+
OWASP Orizon is a source code security scanner designed to spot vulnerabilities in J2EE web applications, Android code and generally speaking in Java written source code.
  
Orizon must give thanks di LAPSE Project (that you may find between OWASP Projects) RATS, Flowfinder for ideas and
+
==Description==
inspiration.
 
  
Orizon page at sourceforge is [http://orizon.sourceforge.net this].
+
Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
  
== Goals ==
+
Owasp Orizon mission is to provide people an opensource tool, helping them in reviewing:
  
== Download ==
+
* single Java classes
 +
* Java standalone tools packed in JAR files
 +
* web applications packed in EAR / WAR files
 +
* Android APK applications
  
== Features ==
+
It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need of something helping me in reviewing other people java source code. So Owasp Orizon born and grew up as security tool trying to parse Java source code, building an Abstract Syntax Tree and spot for unsafe calls in the code.
  
== Future Development ==
+
In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting PHP programming language but the initial boost disappeared. After being in love with other programming languages and technolgies, eight years later, in 2017 I kickstarted the project again from scratch.
This is the first project RoadMap
 
 
'''Oct 2006''' - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof of Concept introducing Orizon.  
 
  
'''15th Nov 2006''' - Orizon design phase. Before start coding like a rolling stone, a good design phase must be
+
==Licensing==
completed.
+
OWASP Orizon is an opensource tool. It is licensed under the [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License].
Documents to be released in this phase are:
 
* ''"orizon architecture"'': this document will explain how Orizon has to be built, the modules and how they interact
 
* ''"writing orizon test"'': this document will explain how to write an XML document describing a security check and how integrate it in Orizon
 
* ''"orizon coding guideline"'': this document draw some basics about coding standard to be used inside the project
 
  
'''31th Dec 2006, v0.30''' - Orizon framework must be completed by the 30% of the features claimed in the aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner class, just few methods).
+
== Quick Start ==
  
'''14th Feb 2007 v0.50''' - Orizon framework must be completed by the half of the features claimed in the design phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source.
+
See project [https://github.com/thesp0nge/owasp-orizon GitHub home page]
  
'''May 2007 v0.75''' - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C# languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary code review security tool
+
== Project Resources ==
  
'''Jul 2007 v0.90''' - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will be a freeze in API subversion trunk. C language support must be completed.
+
[https://owasporizon.wordpress.com Blog]
  
'''Oct 2007 v1.00''' - First major release: support for C# and ASP must be completed. Orizon must be fully usable for writing security tools supporting Java, C, C# and ASP languages natively. Starting by now Orizon supported languages will grown up as well the security tests implemented.
+
[https://github.com/thesp0nge/owasp-orizon  Code] | [https://github.com/thesp0nge/owasp-orizon/releases Binaries]
  
== News ==
+
[https://github.com/thesp0nge/owasp-orizon/issues Issue Tracker]
'''Design phase has begun'''
 
I started working on documentation. Please consider joining orizon mailing list and contributing to project.
 
'''OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006'''
 
I will talk to [http://www.webb.it SMAU eAcademy2006] next saturday 7th October 2006 about code review and safe coding. [http://webb.it/event/eventview/5772/1/0,0/code_review_e_principi_di_programmazione_sicura Here] you can find more informations in italian only by now.
 
Last part of the speech will be about introducing Orizon project, giving development roadmap
 
  
'''OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)'''
+
== Project Leader ==
  
The Open Web Application Security Project is proud to announce the OWASP Orizon Project!
+
Paolo Perego<br/>
 +
[mailto:[email protected] email] [https://twitter.com/thesp0nge/ twitter] [https://codiceinsicuro.it blog ]
  
== Feedback and Participation: ==
+
== News and Events ==
 +
* [Spring 2017] - [http://owaspsummit.org/Working-Sessions/Project-Summit/Owasp-Orizon-Reboot.html Owasp Orizon kickstart session]
 +
* [13 September 2016] - Paolo Perego take back project leadership, kickstarting Owasp Orizon again
 +
* [February, 2014] - Greg Disney-Leugers adopted the OWASP Orizon project.
 +
* [November 2009] - we started moving from current release to the next major bump (v2.0) that will happen next June 2010 during Owasp AppSEC conference in Stockholm.
  
Orizon wants you
+
== Roadmap and Getting Involved==
Of course, as opensource project, '''anyone''' is welcome tho join Orizon, and please do it.
 
If you are a C#, Java or ASP skilled developer and you want to share your experience with such languages feel free to use mailing list to contribute in Orizon supported languages.
 
  
If you are a Java skilled developer why don't you think about writing some bunch of codes for Orizon?
+
Owasp Orizon kickstart is scheduled during the upcoming [http://owaspsummit.org/Working-Sessions/Project-Summit/Owasp-Orizon-Reboot.html Owasp Summit 2017]
  
If you write quite well or, it's not so difficult, better than me, please think about joining the project for documentation, advertising, blog maintenance ...
+
Some intended milestones to be putted in roadmap are:
  
We hope you find the OWASP Orizon Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to [email protected].  To join the OWASP Orizon Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-orizon subscription page.]
+
* Spring 2017 - Defining the team and overall goals
 +
* Autumn 2017 - First alpha release
 +
* Winter 2017 - Second alpha release
 +
* January 2018 - First beta
  
== Project Contributors ==
 
--[[User:Thesp0nge|thesp0nge]] 09:47, 2 October 2006 (EDT)
 
  
== Project Sponsor ==
+
==Classifications==
  
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=]]
 +
  |}
  
[[Category:OWASP Project]]
+
|}
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
=Project About=
 +
{{:Project Information:template Orizon Project}} 
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
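
Review bot: The "|}" added after the Classifications table, near the end of the new revision, has no open table left to close. The "{|" opened under "=Main=" is already closed right after the banner row, and the nested Classifications "{|" is closed by its own "|}" just before, so this extra one renders as a literal "|}" under Classifications in the latest revision. Drop it, or move the earlier "|}" down if the main table was meant to wrap the whole page. Separately, the new Licensing section names the Apache 2 License while the Classifications table carries the CC BY-SA 3.0 button; state which license covers the tool and which covers the wiki content.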

Latest revision as of 15:15, 11 May 2017



[Banner image: OWASP Inactive Project]

OWASP Orizon Project

OWASP Orizon is a source code security scanner designed to spot vulnerabilities in J2EE web applications, Android code and, generally speaking, source code written in Java.

Description

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

The Owasp Orizon mission is to provide an open source tool that helps people review:

  • single Java classes
  • Java standalone tools packed in JAR files
  • web applications packed in EAR / WAR files
  • Android APK applications

It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need for something to help me review other people's Java source code. So Owasp Orizon was born and grew up as a security tool that tries to parse Java source code, build an Abstract Syntax Tree and spot unsafe calls in the code.

In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting the PHP programming language but the initial boost disappeared. After being in love with other programming languages and technologies, eight years later, in 2017 I kickstarted the project again from scratch.

Licensing

OWASP Orizon is an open source tool. It is licensed under the Apache 2 License.

Quick Start

See project GitHub home page

Project Resources

Blog

Code | Binaries

Issue Tracker

Project Leader

Paolo Perego
email twitter blog

News and Events

  • [Spring 2017] - Owasp Orizon kickstart session
  • [13 September 2016] - Paolo Perego took back project leadership, kickstarting Owasp Orizon again
  • [February, 2014] - Greg Disney-Leugers adopted the OWASP Orizon project.
  • [November 2009] - We started moving from the current release to the next major bump (v2.0), which will happen next June 2010 during the Owasp AppSEC conference in Stockholm.

Roadmap and Getting Involved

The Owasp Orizon kickstart is scheduled for the upcoming Owasp Summit 2017.

Some intended milestones to be put on the roadmap are:

  • Spring 2017 - Defining the team and overall goals
  • Autumn 2017 - First alpha release
  • Winter 2017 - Second alpha release
  • January 2018 - First beta


Classifications

[Classification badges: Incubator project; Builders; Defenders; Creative Commons BY-SA; Project type: Tool]





PROJECT IDENTIFICATION

Project Name: OWASP Orizon Project

Short Project Description: This project was born in 2006 to provide a framework for all Owasp projects developing code review services. The project is in a quite stable stage and is usable for Java static code review and some dynamic tests against XSS. Owasp Orizon also includes APIs for code crawling, usable by code crawling tools.

Key Project Information

  • Project Leader: Paolo Perego
  • Project Contributors: See here
  • Mailing list: Subscribe here, Use here
  • License: Creative Commons Attribution Share Alike 3.0
  • Project Type: Tool
  • Sponsor: OWASP SoC 08

Release Status

  • Beta Quality. Please see here for complete information.

Main Links

  • The Owasp Orizon Project in PowerPoint
  • Orizon Safe coding and beyond - Word File
  • Orizon 1.19 - The Latest Release
  • Orizon internal draft
  • Orizon site at sourceforge
  • Orizon blog

Related Projects

  • OWASP Code Review Guide
