Difference between revisions of "Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project"

 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
+
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project'''  
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|This project's idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. Library of navigational elements is required to assess spidering features and library of language constructs is required to assess source code scanners this constructs can be in programming language or preferable in language-independent form of Abstract Syntax Tree. Navigation and vulnerability libraries are independent from technology web application built in. This make is possible to create web applications with similar vulnerabilities in different technologies.
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|This project's idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. Library of navigational elements is required to assess spidering features and library of language constructs is required to assess source code scanners this constructs can be in programming language or preferable in language-independent form of Abstract Syntax Tree. Navigation and vulnerability libraries are independent from technology web application built in. This make is possible to create web applications with similar vulnerabilities in different technologies.
  
 
User can create target XML application configuration similar to SiteGenerator's in terms of site structure, navigational elements and vulnerabilities. After that web application can be generated using technology specific generator. Generators can create source code or binary application but not a stub like SiteGenerator. This allows static and dynamic code analysis to be performed on web application and penetration testing too.
 
User can create target XML application configuration similar to SiteGenerator's in terms of site structure, navigational elements and vulnerabilities. After that web application can be generated using technology specific generator. Generators can create source code or binary application but not a stub like SiteGenerator. This allows static and dynamic code analysis to be performed on web application and penetration testing too.
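
Review bot: The colspan bump at the top of this hunk (header 7 to 8, Project Name and Short Project Description cells 6 to 7) implies an eighth column, but the Key Project Information row in the new revision still has seven cells (one label plus six value cells) whose widths already add up to 100%. Either keep colspan="7" on the header and colspan="6" on the two value cells, or add the eighth cell to the contacts row, so the spans match the widest row of the table.
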
Line 12: Line 13:
 
This tool and components library should be platform-independent unlike SiteGenerator. And only technology-specific generators may be platform-dependent. Such technology-specific generators can be source code generators or can be binary application template.  
 
This tool and components library should be platform-independent unlike SiteGenerator. And only technology-specific generators may be platform-dependent. Such technology-specific generators can be source code generators or can be binary application template.  
 
  |-
 
  |-
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
  | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:ddk(at)cs.msu.su '''Dmitry Kozlov''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[:User:Ddk|'''Dmitry Kozlov''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:name(at)change '''Name&Email''']
+
  | style="width:16%; background:#cccccc" align="center"|Project Contributors<br>(if any)
  | style="width:14%; background:#cccccc" align="center"|[mailto:[email protected] '''Project Mailing List''']
+
  | style="width:10%; background:#cccccc" align="center"|Mailing list<br>[https://lists.owasp.org/mailman/listinfo/owasp-appcec-tool-benchmarking-project '''Subscribe here''']<br>[mailto:[email protected] '''Use here''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']
+
  | style="width:16%; background:#cccccc" align="center"|License<br>[http://www.gnu.org/licenses/old-licenses/gpl-2.0.html '''GNU General Public License v2''']
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:medelibero(at)gmail.com '''Mike de Libero''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[https://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects '''Tool''']
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]  
 
  |}
 
  |}
{| style="width:100%" border="0" align="center"
+
 
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''  
+
{| style="width:100%" border="0" align="center"  
|-
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status'''  
| style="width:100%; background:#cccccc" align="center"|
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''
* (If appropriate, links to be added)
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''  
|}
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
 
|-
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P003/P013 - OWASP Application Security Tool Benchmarking Environment and Site Generator refresh.=|'''Sponsored Project/Guidelines/Roadmap''']]
 
|}
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
 
|-
 
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
 
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
 
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
 
  |-
 
  |-
 +
| style="width:29%; background:#cccccc" align="center"|
 +
'''[[:Category:OWASP_Project_Assessment#Alpha_Quality_Tool_Criteria|Alpha Quality]]'''<br>[[:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Assessment Frame|Please see here for complete information.]]
 +
| style="width:42%; background:#cccccc" align="center"|
 +
[https://www.owasp.org/images/c/c4/Site_generator.pptx PowerPoint Presentation]<br>http://code.google.com/p/osg2/
 +
| style="width:29%; background:#cccccc" align="center"|
 +
[[SpoC 007 - OWASP Site Generator|OWASP Site Generator]]
 
  |}
 
  |}
 +
----
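
Review bot: The three added header cells (Release Status, Main Links, Related Projects) set style="... color:white" and then open <font color="black"> without ever closing it, so the two colour settings conflict and the tag is left open. Drop the font tag and put the intended colour in the style attribute. In the Mailing list cell, the listinfo URL names the list "owasp-appcec-tool-benchmarking-project"; please confirm that "appcec" is the real list name and not a typo for "appsec". This revision also removes the First Reviewer and Second Reviewer contacts and the whole ASSESSMENT AND REVIEW PROCESS table, so check that the linked Assessment Frame page carries the 50% and Final review links before they disappear from here.
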

Latest revision as of 14:40, 19 March 2009


PROJECT IDENTIFICATION
Project Name: OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project
Short Project Description: The idea of this project is to separate the target web application technology from three reusable libraries: a library of navigational elements, a library of vulnerabilities and a library of language constructs. The library of navigational elements is required to assess spidering features, and the library of language constructs is required to assess source code scanners; these constructs can be in a programming language or, preferably, in the language-independent form of an Abstract Syntax Tree. The navigation and vulnerability libraries are independent of the technology the web application is built in. This makes it possible to create web applications with similar vulnerabilities in different technologies.

A user can create a target XML application configuration similar to SiteGenerator's in terms of site structure, navigational elements and vulnerabilities. The web application can then be generated using a technology-specific generator. Generators can create source code or a binary application, but not a stub like SiteGenerator. This allows static and dynamic code analysis, as well as penetration testing, to be performed on the web application.

The tool and components library should be platform-independent, unlike SiteGenerator; only technology-specific generators may be platform-dependent. Such technology-specific generators can be source code generators or binary application templates.

Key Project Information
Project Leader: Dmitry Kozlov
Project Contributors: (if any)
Mailing list: Subscribe here / Use here
License: GNU General Public License v2
Project Type: Tool
Sponsors: OWASP SoC 08

Release Status: Alpha Quality (Please see here for complete information.)
Main Links: PowerPoint Presentation; http://code.google.com/p/osg2/
Related Projects: OWASP Site Generator