This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Orizon Project"
(→Future Development) |
(→Future Development) |
||
| Line 23: | Line 23: | ||
'''Oct 2006''' - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof of Concept introducing Orizon. | '''Oct 2006''' - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof of Concept introducing Orizon. | ||
| + | |||
'''15th Nov 2006''' - Orizon design phase. Before start coding like a rolling stone, a good design phase must be | '''15th Nov 2006''' - Orizon design phase. Before start coding like a rolling stone, a good design phase must be | ||
completed. | completed. | ||
| Line 29: | Line 30: | ||
* ''"writing orizon test"'': this document will explain how to write an XML document describing a security check and how integrate it in Orizon | * ''"writing orizon test"'': this document will explain how to write an XML document describing a security check and how integrate it in Orizon | ||
* ''"orizon coding guideline"'': this document draw some basics about coding standard to be used inside the project | * ''"orizon coding guideline"'': this document draw some basics about coding standard to be used inside the project | ||
| + | |||
'''31th Dec 2006, v0.30''' - Orizon framework must be completed by the 30% of the features claimed in the aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner class, just few methods). | '''31th Dec 2006, v0.30''' - Orizon framework must be completed by the 30% of the features claimed in the aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner class, just few methods). | ||
| + | |||
'''14th Feb 2007 v0.50''' - Orizon framework must be completed by the half of the features claimed in the design phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source. | '''14th Feb 2007 v0.50''' - Orizon framework must be completed by the half of the features claimed in the design phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source. | ||
| + | |||
'''May 2006 v0.75''' - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C# languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary code review security tool | '''May 2006 v0.75''' - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C# languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary code review security tool | ||
| + | |||
'''Jul 2007 v0.90''' - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will be a freeze in API subversion trunk. C language support must be completed. | '''Jul 2007 v0.90''' - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will be a freeze in API subversion trunk. C language support must be completed. | ||
| + | |||
'''Oct 2007 v1.00''' - First major release: support for C# and ASP must be completed. Orizon must be fully usable for writing security tools supporting Java, C, C# and ASP languages natively. Starting by now Orizon supported languages will grown up as well the security tests implemented. | '''Oct 2007 v1.00''' - First major release: support for C# and ASP must be completed. Orizon must be fully usable for writing security tools supporting Java, C, C# and ASP languages natively. Starting by now Orizon supported languages will grown up as well the security tests implemented. | ||
Revision as of 19:38, 3 October 2006
Overview
The quest for secure code is what all developers want (I hope so) to achieve. Software must be reliable. Software must be strong. Software must be secure.
How much my software has to be secure? The correct answer is hard to find. But security is a problem that even a development team must take care for. Must be a skilled developer also a security guru? Don't know, not necessarly. But it's important that someone give him the tools to merge security know how to his development skills, and so our quest for secure code starts...
Orizon borns with the aim to provide a common ground to safe coding and code review methodologies applied to software. By now Orizon is still a bunch of ideas and few lines of code. In a year I hope Orizon will be the common engine in which security code review related tools are built upon
Orizon must give thanks di LAPSE Project (that you may find between OWASP Projects) RATS, Flowfinder for ideas and inspiration.
Orizon page at sourceforge is this.
Goals
Download
Features
Future Development
This is the first project RoadMap
Oct 2006 - PoC code will be showed at SMAU - eAcademy 2006. No features. No XML written tests. Just a Proof of Concept introducing Orizon.
15th Nov 2006 - Orizon design phase. Before start coding like a rolling stone, a good design phase must be completed. Documents to be released in this phase are:
- "orizon architecture": this document will explain how Orizon has to be built, the modules and how they interact
- "writing orizon test": this document will explain how to write an XML document describing a security check and how integrate it in Orizon
- "orizon coding guideline": this document draw some basics about coding standard to be used inside the project
31th Dec 2006, v0.30 - Orizon framework must be completed by the 30% of the features claimed in the aformentioned documents. This release goal will be applying two simple XML tests to a simple java source (no inner class, just few methods).
14th Feb 2007 v0.50 - Orizon framework must be completed by the half of the features claimed in the design phase. This realease goal will be applying an arbitrary number of XML tests to an arbitrary java source.
May 2006 v0.75 - Orizon will be almost complete for Java language. Here we start supporting C, ASP and C# languages. Orizon API must be consolidated at this point and the engine must be fully integrated in an arbitrary code review security tool
Jul 2007 v0.90 - Orizon API consolidation must be completed and JavaDOC has to be greated. Here there will be a freeze in API subversion trunk. C language support must be completed.
Oct 2007 v1.00 - First major release: support for C# and ASP must be completed. Orizon must be fully usable for writing security tools supporting Java, C, C# and ASP languages natively. Starting by now Orizon supported languages will grown up as well the security tests implemented.
News
OWASP Orizon Project @ SMAU eAcademy, Milan 4-7th October 2006
I will talk to SMAU eAcademy2006 next saturday 7th October 2006 about code review and safe coding. Here you can find more informations in italian only by now. Last part of the speech will be about introducing Orizon project, giving development roadmap
OWASP Orizon Project Created! - 09:24, 2 October 2006 (EDT)
The Open Web Application Security Project is proud to announce the OWASP Orizon Project!
Feedback and Participation:
Orizon wants you Of course, as opensource project, anyone is welcome tho join Orizon, and please do it. If you are a C#, Java or ASP skilled developer and you want to share your experience with such languages feel free to use mailing list to contribute in Orizon supported languages. If you are a Java skilled developer why don't you think about writing some bunch of codes for Orizon? If you write quite well or, it's not so difficult, better than me, please think about joining the project for documentation, advertising, blog maintenance ...
We hope you find the OWASP Orizon Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to [email protected]. To join the OWASP Orizon Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-orizon subscription page.]
Project Contributors
--thesp0nge 09:47, 2 October 2006 (EDT)
Project Sponsor
Pages in category "OWASP Orizon Project"
This category contains only the following page.
