This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
ORG (OWASP Report Generator)
From OWASP
The ORG (Owasp Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.
Downloads
[NOTE: contact Mike de Libero(mike at mde-dev dot com) for the latest version]
ORG Active Developers
- ORG (Owasp Report Generator) - Mike de Libero
- ORG (Owasp Report Generator) - Dinis Cruz
- ORG (Owasp Report Generator) - Zi Jin
TODO
Priority High
Task | Comment | Complexity | Assigned | Status | |
---|---|---|---|---|---|
1 | Enable templates in executive summary to save copying and pasting in new projects | {...} | Medium | Not Assigned |
Priority Medium
Task | Comment | Complexity | Assigned | Status | |
---|---|---|---|---|---|
1 | Add a default profile with the project files maped to the local disk |
Priority Medium
Task | Comment | Complexity | Assigned | Status | |
---|---|---|---|---|---|
generated Pdf reports don't appear in the respective ORG window. | [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window | no idea |
|- ! x || {Template} || {...} || Medium || Not Assigned
To Map to Priority Tables
Task | Comment | Assigned | Status | ||
---|---|---|---|---|---|
1 | Del Key should delete newline (and other elements) | ||||
2 | Add ability to move findings to other targets | ||||
3 | Sort of tracking views by Issue ID | Enable sorting in the issue tracking screens, to enable easier finding of issues when retests are occurring | |||
4 | Search (for Issue IDs) | ||||
5 | Select contacts from a db | ||||
6 | Automatic Import data (like DSN info) | This can also include task / default messages with links to areas like the OWASP vulnerability pages | |||
7 | Data feed for global database spreadsheets | ||||
8 | Sign application and FOP engine | ||||
9 | Ensure that within the same project, image folders are unique | ||||
10 | Make an installer | ||||
11 | Add Backup feature for XSLT changes | ||||
12 | Add upgrade tool | ||||
13 | Add XSLT search feature | ||||
14 | Project level tags | ||||
15 | Image's path are hardcoded on the PDF xslt |
| |||
16 | Document the installation procedure of the Altova XML engine (used for xslt2 queries) | ||||
17 | Add to FAQ the fact that the errors that show on the current main FOP transformation are ok | ||||
18 | Convert the current xslt/FOP to the altova engine so that we can use xslt2 queries | ||||
19 | Modify the tabs on the "Current and Archived Projects" screen so that whenever you click on one it reloads the data | ||||
20 | Only show up tabs that we have the data set up for | ||||
21 | Remove all those empty try/catches in authentic.cs | ||||
22 | Upgrade the Altova component | Y | 50% | ||
23 | Create a Microsoft Word report option | ||||
24 | Perform a validation against a schema of all current _consolidatedReports files to ensure they are compliant (check in particular dates, IPs and DNS names) | ||||
25 | Manage the exceptions that occur when you add a finding with a duplicate name more effectively | ||||
26 | Change the Window menu to have the current open windows in the main menu, rather than as a sub menu | ||||
27 | Add a find function to the source code editor | ||||
28 | Add drop down menus to the recommendations section (which links to the recommendations database) | ||||
29 | Enable schema-safe copy and paste between the project meta data tab and the executive summary tab (the xml attribute copying bug) | ||||
30 | Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format) |
To add to to-do
- Default headers auto populated in "Report Contents". Executive Summary, Background, Scope
- Paste tables into Appendix
- Paste images into Appendix
- Bug report, sequence of events:
- do findings
- then do exec sumamry
- then make a pdf
- then try to change a finding (exception will occur)
- if you reload the project the issue will go away
TODO Future Versions
- Add in the ability to import in stock findings
- Remove the global variable class.
- Add in tool tips to the forms.
Other related [Owasp .Net Project Downloads]
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.