Stinger 3.0 Status Update! - 17:58, 1 January 2007 (EST)
After many hard hours, I am proud to announce that several features have been implemented in the Stinger 3.0 baseline. This one of several milestones necessary to make Stinger a commercial quality product.
The following is a list of notable changes:
- Validation of the entire HTTP request: including URI, headers, cookies, and parameters
- A robust "learning" mode to make rule generation simplistic and efficient.
- A more flexible "Action" framework. Actions will be able to execute logic before and/or after the request is processed by the web application
If you have any suggestions for Stinger 3.0, please post them on the Stinger 3.0 ideas page.
Stinger 2.2 Released! - 13:37, 24 November 2006 (EST)
The OWASP Stinger project is pleased to announce the immediate availability of Stinger 2.2 for both JDK 5.0 and JDK 1.4! The following is a list of the notable changes:
- Implemented a more complete MutableHttpRequest object and removed the MutableHttpResponse object.
- The rule set 'paths' are implemented used regular expressions. There is no longer a need to define multiple paths for specific rule sets.
- The 'created' and 'enforce' paths for cookie rules are implemented using regular expressions. There is no longer a need to define multiple 'enforce' paths.
- The introduction of an 'exclude' set defining paths that should not be processed by Stinger.
- Implemented log rolling capabilities in the 'Log' action.
- Added a 'Forward' action which can forward request processing to a specified page.
- Used the HTML entity encoding function found in the HTML Entity Encoding article.
A special thanks goes out to John Callaway for his work in expanding the 'Log' action capabilities as well as the JDK 1.4 port.
Project Pages Revamped and Stinger 3.0 - 09:55, 23 November 2006 (EST)
The OWASP Stinger project pages are currently being "revamped" to be visually clean and make navigation more intuitive. Furthermore, Stinger 3.0 development is underway! Make sure to post any ideas you would like to see implemented in the new version at the OWASP Stinger 3.0 Project page.