SpoC 007 - Orizon Project - Progress Page

News

15^th February 2008 - New version of OWASP ORIZON FRAMEWORK TOOL with the source code crawling APIs available for Java and CSharp.

3^rd November 2007 - Orizon version 0.50 is the final deliverable for Spoc 2007. I did not reach all the goals I draw for my self back when Spoc started. After all, I'm really happy seeing the final project status. If I had more support from community may be things would go in a better way... however.

15^th October 2007 - Official roadmap is located here. Please refer to this page for project milestones. I deleted support for C language to milestones because more effort I'm spending to make dawn quite usable. I think having dawn 50% working is more valuable than having partial C language support.

11^st October 2007 - Dawn engine is now operative. It creates helper applications from Java methods, it compiles them, it runs them and collecting their output it scans it for XSS attack pattern to appear. Further improvement will follow asap :)

22^nd August 2007 - Orizon release 0.40 is available at sourceforge site. This is an important milestone in the development process. Safe coding recipes APIs are working and the class handling source code being reviewed is now capable of applying a check over the source code xml representation. In fact, static code review is possible by now.

13^th July 2007 - The project status as Spoc 2007 start is summarized in the following:

• java sources are translated into XML using JDK6 APIs;
• Orizon classes are in a refactoring stage in order to reflect a better approach in design phase;
• library containing checks is now a Zip file instead of a plain XML file. The library file will contain "receipts", XML files containing security checks grouped by category.

What is missing by now is some checks. I'm looking the web in order to collect "coding best practices" and trying to formalize them in XML.

Next actions

SpoC 2007 Goals