
Difference between revisions of "OWASP CAL9000 Project Roadmap"


Revision as of 19:40, 22 May 2009

The project's overall goal is to...

 Provide a centralized framework for the organization and use of a variety of tools that can
 assist web application security testers with their manual testing efforts.

In the near term, we are focused on the following tactical goals...

  1. Gathering user feedback.

Version History

Nov 16, 2006 - v2.0:

  • XSS Attacks Page:
    • Filter attacks by browser support
    • Create/edit/save/delete your own attacks
    • Display user-defined attacks in print-ready list
    • Expanded Regex functionality - Added show/replace/split on matches
  • Encoder/Decoder:
    • Added types md4 and sha1 (encode only)
    • Define Base64 special characters and padding character
  • HTTP Requests:
    • Added (almost) total control of request components
    • Quickly add request headers (single, by browser, by method)
    • Split/concatenate request parameters and get character count
    • Added AutoAttack feature (send multiple requests at once)
    • Quick encode request components (URL, hex, Unicode, Base64, md5)
    • Requests/responses saved to History file
    • Added History list navigation and functions (delete, print-ready)
  • HTTP Responses:
    • Displays target URL, response status codes, headers and body
    • Split out scripts, forms and cookies
    • Display request body in new window as it would appear in browser
    • Added History list navigation and functions (delete, print-ready)
  • String Generator:
    • Define character used for string generation
  • Testing Checklist:
    • Old testing checklist included as testing tips
    • Added true testing checklist - Create/edit/save/delete checklist items
  • AutoAttack List Editor:
    • Create/edit/save/delete attack lists and items
    • Display attack lists in print-ready format
    • Quick encode checklist items (URL, hex, Unicode, Base64, md5)

July 30, 2006 - v1.1:

  • Focus of this Release: Upgrade Encode/Decode function.
  • Added Uppercase check box
  • Added Trailing Character text field
  • Added Delimiter text field
  • Added Include Unselected Text check box
  • Added Wrappers
  • Added several Encoding/Decoding types
  • Added ability to Encode/Decode selected text only
  • Added Store/Restore functionality
  • Added Selected Text processing
  • Added Error/Informational Message functionality
  • String Generator can handle larger string sizes
  • Minor Bugfixes w/ URL Encoding
  • Minor Bugfixes w/ Save State processing

May 18, 2006 - v1.0.

Wish List

  • What features would you like to see added?