This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "ORG (OWASP Report Generator)"

Jump to: navigation, search
Line 8: Line 8:
== ORG Development  ==
The current version under development is vl.85 and you can see the change log here: [[ORG (Owasp Report Generator) - V0.85]]
The current Todo is here:
== ORG Active Developers ==
== ORG Active Developers ==

Revision as of 12:08, 25 October 2006

The ORG (Owasp Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.


[NOTE: contact Mike de Libero(mike at mde-dev dot com) for the latest version]

Report Generator Source

ORG Development

The current version under development is vl.85 and you can see the change log here: ORG (Owasp Report Generator) - V0.85

The current Todo is here:

ORG Active Developers

TODO (under construction)

Priority High

Task Comment Complexity Assigned Status
1 Enable templates in executive summary to save copying and pasting in new projects There is an easy and a hard way to do this. The easy is to implement this using template xml files which are copied to the target location (for example a finding or 'Report Content') from a default location (in the current plan the output of a plug-in). The hard way (but much more powerfull) will be to implement this templates using dinamic manipulation of the autentic object (which is something that I haven't figure out how to do) Medium Not Assigned
Create plug-in to support templates Which is basically a mapping between SPS and XML files (need to figure out how to dynamically use SPS transformations
Fix XML attribute / value errors when using copy and paste functionality Convert Export functionality into a Plug-in Should be easy to do since all code is already there Low DC
Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields) Basicaly the issue here is that everytime an xml file is saved, a quick check to the schema should be made. The code to do this already exists (it is in the export data code).

Priority Medium

Task Comment Complexity Assigned Status
1 Add a default profile with the project files maped to the local disk

Priority Low

Task Comment Complexity Assigned Status
generated Pdf reports don't appear in the respective ORG window. [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window no idea

|- ! x || {Template} || {...} || Medium || Not Assigned

To Map to Priority Tables

Task Comment Assigned Status
1 Del Key should delete newline (and other elements)
2 Add ability to move findings to other targets
3 Sort of tracking views by Issue ID Enable sorting in the issue tracking screens, to enable easier finding of issues when retests are occurring
4 Search (for Issue IDs)
5 Select contacts from a db
6 Automatic Import data (like DSN info) This can also include task / default messages with links to areas like the OWASP vulnerability pages
7 Data feed for global database spreadsheets
8 Sign application and FOP engine
9 Ensure that within the same project, image folders are unique
10 Make an installer
11 Add Backup feature for XSLT changes
12 Add upgrade tool
13 Add XSLT search feature
14 Project level tags
15 Image's path are hardcoded on the PDF xslt
  • Monthly CISO Report.xslt
  • test.xslt
  • Bespoke Brief.xslt
  • Monthly RISO Report.xslt
  • Outstanding Issues.xslt
16 Document the installation procedure of the Altova XML engine (used for xslt2 queries)
17 Add to FAQ the fact that the errors that show on the current main FOP transformation are ok
18 Convert the current xslt/FOP to the altova engine so that we can use xslt2 queries
19 Modify the tabs on the "Current and Archived Projects" screen so that whenever you click on one it reloads the data
20 Only show up tabs that we have the data set up for
21 Remove all those empty try/catches in authentic.cs
22 Upgrade the Altova component Y 50%
23 Create a Microsoft Word report option
24 Perform a validation against a schema of all current _consolidatedReports files to ensure they are compliant (check in particular dates, IPs and DNS names)
25 Manage the exceptions that occur when you add a finding with a duplicate name more effectively
26 Change the Window menu to have the current open windows in the main menu, rather than as a sub menu
27 Add a find function to the source code editor
28 Add drop down menus to the recommendations section (which links to the recommendations database)
29 Enable schema-safe copy and paste between the project meta data tab and the executive summary tab (the xml attribute copying bug)
30 Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)

To add to to-do

  • Default headers auto populated in "Report Contents". Executive Summary, Background, Scope
  • Paste tables into Appendix
  • Paste images into Appendix
  • Bug report, sequence of events:
    • do findings
    • then do exec sumamry
    • then make a pdf
    • then try to change a finding (exception will occur)
    • if you reload the project the issue will go away

TODO Future Versions

  • Add in the ability to import in stock findings
  • Remove the global variable class.
  • Add in tool tips to the forms.

Other related [Owasp .Net Project Downloads]

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.