This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project

From OWASP

Revision as of 14:38, 2 September 2008 by Ddk (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

PROJECT IDENTIFICATION
Project Name	OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project
Short Project Description	This project's idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. Library of navigational elements is required to assess spidering features and library of language constructs is required to assess source code scanners this constructs can be in programming language or preferable in language-independent form of Abstract Syntax Tree. Navigation and vulnerability libraries are independent from technology web application built in. This make is possible to create web applications with similar vulnerabilities in different technologies. User can create target XML application configuration similar to SiteGenerator's in terms of site structure, navigational elements and vulnerabilities. After that web application can be generated using technology specific generator. Generators can create source code or binary application but not a stub like SiteGenerator. This allows static and dynamic code analysis to be performed on web application and penetration testing too. This tool and components library should be platform-independent unlike SiteGenerator. And only technology-specific generators may be platform-dependent. Such technology-specific generators can be source code generators or can be binary application template.
Email Contacts	Project Leader Dmitry Kozlov	Project Contributors (if applicable) Name&Email	Mailing List/Subscribe Mailing List/Use	First Reviewer Mark Roxberry Profile	Second Reviewer Mike de Libero	OWASP Board Member (if applicable) Name&Email

PROJECT IDENTIFICATION

Project Name

OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project

Short Project Description

This project's idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. Library of navigational elements is required to assess spidering features and library of language constructs is required to assess source code scanners this constructs can be in programming language or preferable in language-independent form of Abstract Syntax Tree. Navigation and vulnerability libraries are independent from technology web application built in. This make is possible to create web applications with similar vulnerabilities in different technologies.

User can create target XML application configuration similar to SiteGenerator's in terms of site structure, navigational elements and vulnerabilities. After that web application can be generated using technology specific generator. Generators can create source code or binary application but not a stub like SiteGenerator. This allows static and dynamic code analysis to be performed on web application and penetration testing too.

This tool and components library should be platform-independent unlike SiteGenerator. And only technology-specific generators may be platform-dependent. Such technology-specific generators can be source code generators or can be binary application template.

Email Contacts

Project Leader
Dmitry Kozlov

Project Contributors
(if applicable)
Name&Email

Mailing List/Subscribe
Mailing List/Use

First Reviewer
Mark Roxberry
Profile

Second Reviewer
Mike de Libero

OWASP Board Member
(if applicable)
Name&Email

PROJECT MAIN LINKS
http://code.google.com/p/osg2/

RELATED PROJECTS
OWASP Site Generator

SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008	Sponsored Project/Guidelines/Roadmap

ASSESSMENT AND REVIEW PROCESS
Review/Reviewer	Author's Self Evaluation (applicable for Alpha Quality & further)	First Reviewer (applicable for Alpha Quality & further)	Second Reviewer (applicable for Beta Quality & further)	OWASP Board Member (applicable just for Release Quality)
50% Review	Objectives & Deliveries reached? Yes --------- See&Edit:50% Review/Self-Evaluation (A)	Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C)	Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50%Review/2nd Reviewer (E)	X
Final Review	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/SelfEvaluation (B)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/2nd Reviewer (F)	X

Retrieved from "https://wiki.owasp.org/index.php?title=Project_Information:template_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project&oldid=38040"

Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools