
Owasp Summer of Code 2008

March 18th, 2008 by thesp0nge

Owasp SoC 2008 is waiting for you.

Please contribute your own project, take charge of one of the Owasp proposals, or contact Owasp people if you want to help but don’t know how.

The application submission deadline is 25th March.

Hurry up!

Owasp AppSec Conference 2008 @ NY

March 12th, 2008 by thesp0nge

Next October I’ll give a talk at the Owasp AppSec Conference in New York City. It’s an honor for me to attend this event, and it will be the place where:

  • the Owasp Orizon v1.0 release will be celebrated
  • a hidden, brand new Owasp Orizon capability will finally be disclosed
  • … yes, I’ve also got a surprise for the AppSec Conference in Europe

Orizon v0.70, on the turning away

February 15th, 2008 by thesp0nge

I just released Orizon v0.70. It was not a planned release, but I noticed that the Owasp Code Review Guide introduced a source code crawling check against a set of known dangerous keywords.

It was really simple to add such a code crawling facility for Java and C# to Orizon.

This means that my framework is lightweight and flexible enough to be usable and extensible… and this is so good.

This is the link to the Orizon v0.70 release, and this is the code demonstrating the API to use for crawling a Java source file.

I’m very happy about the maturity stage reached by my tool, and I hope it can be evaluated by the Owasp community and in the future widely used in source code assessment.

And we are at -140 days to my wedding…

v0.63 is in the SVN

January 16th, 2008 by thesp0nge

I just committed version 0.63 to the sourceforge subversion repository. I don’t plan to officially release a JAR file… a lot of changes in just a week… It makes more sense to wait for the 0.80 release in March… Next 5 February I’ll give a talk at Italian Infosecurity in Milan, where I’ll present the Jericho static code review engine features more in depth…

nor cold air could stop this

January 9th, 2008 by thesp0nge

@work we are not so busy at the moment, so I can spend some time hacking on orizon, and the code I wrote is simply amazing.

I’m refactoring all org.owasp.orizon.core classes to embed in each core element (such as a class, a method or a variable representation) methods:

  • to check for a security breach for a given Check object
  • to fill internal data given an XML node

The Jericho engine is growing fast and the Source class is day by day lighter and easier to read and understand. I’m really excited about these hacking days…

Orizon 0.60 and 0.61

January 3rd, 2008 by thesp0nge

Just 2 days ago I released Orizon 0.60 with a lot of improvements.

First of all, the default library reached the psychological limit of 30 security checks (it includes 34 security checks).

I also introduced a reduce() routine that enables people to write checks based upon method return type or variable data type.

Today I wrote the piece of code that enables source file line number discovery during translation from Java to XML… I know it is fancier if Orizon also displays the position inside the source file instead of just complaining about an error.

I’m really happy with the last 2 weeks’ work…

Is String==String a bad thing?

December 26th, 2007 by thesp0nge

The answer is yes if you read a safe coding best practice guide for Java, and the answer is still yes if you ask Orizon v0.58.

I added a reduce() method able to write the primitive data type of an operation into the XML file. For now, just for boolean operations. In brief, when Orizon finds a boolean operator, it writes down the operand data types in order to check whether strings are compared for equality with strings, and so on…

In the very near future I will hack on the reduce code in order to have it working also for method invocations…
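The check described above rests on two steps: resolve the declared data type of each operand of a boolean operator, then flag the case where both sides are Strings and the operator is == or != (in Java that compares references, not contents, so two equal strings built at runtime can still compare unequal). As an added illustration of that idea, not Orizon’s code and not its XML-based implementation, the script below does the same over plain Java text with regular expressions: the Java snippet, the `Login` class and its identifiers are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed Java sample for this example (not from the page or from Orizon).
SAMPLE_JAVA = """\
public class Login {
    public boolean check(String user, String expected) {
        String stored = loadUser(user);
        int tries = 3;
        if (user == "admin") {             // flawed: literal compared by reference
            return false;
        }
        if (stored == expected) {          // flawed: reference comparison of two Strings
            return true;
        }
        if (tries != 3) {                  // fine: primitive comparison
            return false;
        }
        return stored.equals(expected);    // correct: value comparison
    }
}
"""

# "Type name" pairs cover parameters, fields and locals alike in Java source.
DECL_RE = re.compile(
    r'\b([A-Z]\w*|int|long|short|byte|char|boolean|float|double)\s+([a-z_]\w*)\b'
)
# An identifier, a string literal or an integer literal on each side of == / !=.
CMP_RE = re.compile(
    r'([A-Za-z_]\w*|"[^"]*"|\d+)\s*(==|!=)\s*([A-Za-z_]\w*|"[^"]*"|\d+)'
)


def declared_types(source: str) -> Dict[str, str]:
    """Map every declared identifier to its declared type (last declaration wins)."""
    return {name: typ for typ, name in DECL_RE.findall(source)}


def operand_type(token: str, types: Dict[str, str]) -> str:
    """Resolve an operand to a type: literal strings and ints, or a declared name."""
    if token.startswith('"'):
        return "String"
    if token.isdigit():
        return "int"
    return types.get(token, "unknown")


def find_string_identity_compares(source: str) -> List[Tuple[int, str]]:
    """Return (line number, expression) for every String == String or String != String."""
    types = declared_types(source)
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]          # ignore trailing line comments
        for lhs, op, rhs in CMP_RE.findall(code):
            if operand_type(lhs, types) == "String" and operand_type(rhs, types) == "String":
                hits.append((lineno, f"{lhs} {op} {rhs}"))
    return hits


if __name__ == "__main__":
    for lineno, expr in find_string_identity_compares(SAMPLE_JAVA):
        print(f"line {lineno}: String compared by reference: {expr}")
```

Run as-is it reports lines 5 and 8 of the sample and stays silent on the `int` comparison on line 11 and on the `.equals()` call on line 14. The regex front end is the simplification: a real engine resolves types from a parsed representation (Orizon’s XML translation) rather than from "Type name" text patterns, so shadowed names, generics and method return types need the fuller approach the post says is next.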

Yes… Orizon is growing bigger and bigger and bigger…

Merry Xmas for all of you dears.
thesp0nge

Orizon 0.50

November 5th, 2007 by thesp0nge

Last weekend was the middle milestone release. Last Friday, Orizon v0.50 was made available to anyone, and 28 people downloaded it.

There are a lot of improvements that make me very proud of what I’ve done in the last year.

  • almost all Java 6 keywords are translated into XML; just annotations aren’t
  • there is a default library of 20 security checks
  • there is dynamic code review

With this release I closed my Spoc2007 without meeting all the goals I set for myself… maybe if I had had some help from other coders the project would have grown even more… but indeed, feedback is still zero. :(

Orizon 0.50rc2

October 30th, 2007 by thesp0nge

This is the version string in my local workspace copy.

I improved the java 2 xml translation and introduced some security checks. I think this could be enough for the Spoc deadline, which is November 5th.

In the very next days I’ll release 0.50 with some documentation included.

Dawn of victory and helper generation

October 23rd, 2007 by thesp0nge

I succeeded… while trying to find a restaurant for my and Francesca’s wedding, I was able to generate a helper that manages all my method parameters and their data types.

An example will explain better.
