Difference between revisions of "Category:OWASP Orizon Project"

Revision as of 13:32, 3 October 2006

Overview

The quest for secure code is what all developers want (I hope so) to achieve. Software must be reliable. Software must be strong. Software must be secure.

How much my software has to be secure? The correct answer is hard to find. But security is a problem that even a development team must take care for. Must be a skilled developer also a security guru? Don't know, not necessarly. But it's important that someone give him the tools to merge security know how to his development skills, and so our quest for secure code starts...

Orizon borns with the aim to provide a common ground to safe coding and code review methodologies applied to software. By now Orizon is still a bunch of ideas and few lines of code. In a year I hope Orizon will be the common engine in which security code review related tools are built upon

Goals

Download

Features

Future Development

This is the first project RoadMap

Oct 2006 - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof
of Concept introducing Orizon. 
15th Nov 2006 - Orizon design phase. Before start coding like a rolling stone, a good design phase must be
completed.
Documents to be released in this phase are:
* "orizon architecture": this document will explain how Orizon has to be built, the modules and how they 
interact
* "writing orizon test": this document will explain how to write an XML document describing a security check
and how integrate it in Orizon
* "orizon coding guideline": this document draw some basics about coding standard to be used inside the 
project
31th Dec 2006, v0.30 - Orizon framework must be completed by the 30% of the features claimed in the 
aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner 
class, just few methods).
14th Feb 2007 v0.50 - Orizon framework must be completed by the half of the features claimed in the design
phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source.
May 2006 v0.75 - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C#
languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary
code review security tool
Jul 2007 v0.90 - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will 
be a freeze in API subversion trunk. C language support must be completed.
Oct 2007 v1.00 - First major release: support for C# and ASP must be completed. Orizon must be fully 
usable for writing security tools supporting Java, C, C# and ASP languages natively.
Starting by now Orizon supported languages will grown up as well the security tests implemented.

News

OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006

I will talk to SMAU eAcademy2006 next saturday 7th October 2006 about code review and safe coding. Here you can find more informations in italian only by now. Last part of the speech will be about introducing Orizon project, giving development roadmap

OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)

The Open Web Application Security Project is proud to announce the OWASP Orizon Project!

Feedback and Participation:

We hope you find the OWASP Orizon Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to [email protected]. To join the OWASP Orizon Project mailing list or view the archives, please visit the subscription page.

Project Contributors

--thesp0nge 09:47, 2 October 2006 (EDT)

Project Sponsor