
OWASP Autumn of Code 2006 - Applications

Revision as of 22:21, 21 September 2006 by Dinis.cruz (talk | contribs) (AoC 1 - Paolo :)


AoC 1 - Paolo :

Hi Dinis, the OWASP Autumn of Code idea is great and it would be great for me to participate. This is my submission information:

1) Contact details ...........

2) Which project you want to be involved in

I'd like to be involved in the Code Review project.

3) Why you should be sponsored for the project

I've got a very strong background in software development. I reached a good C programming level (working at kernel level in the Linux operating system) and a good Java programming level in the web application development field. My working field, however, is security, as a pen tester and code reviewer, and I want to merge these two main fields of interest: security and code.

I think I can improve the Code Review project by merging my theoretical experience (writing docs about code review, secure coding and providing code snippets in various languages as a sort of Sample Library or knowledge base) with my practical attitude. Looking at the OWASP LAPSE project, it would be a great idea to create a sort of common API, building a sort of "code review tool engine".

This engine would be generic and devoted ONLY to code review related aspects. Using such an engine as a basis, we could build a plethora of tools providing code review capability for common os IDE (extending LAPSE for Eclipse, NetBeans, ...) and for ad hoc command line tools.

4) What are the objectives and deliverables

My objectives are:

  • focusing people's attention on how important code review and safe coding are
  • providing people with practical instruments to test their applications or to build their testing tools too

My deliverables are:

  • improving the Code Review project documentation for my first objective
  • realizing the engine core complete with a set of well-known wrong code practices, providing a way to extend such an engine and providing a PoF testing tool using the aforementioned APIs