Archive for February, 2007

First public release

Tuesday, February 6th, 2007

Today I released Orizon v0.10 build 16. This is the Orizon release I’ll show tomorrow at the Infosecurity 2007 speech.
It will scan a simple Java file that prints out the URI from an HttpServlet without sanitizing the input. Orizon will complain about a possible XSS attack.

This is the beginning of Orizon Static Code Review.

I’m very proud of this :)

Version 0.10

Monday, February 5th, 2007

Online @sourceforge.net you can find Orizon version 0.10 (SVN url is https://orizon.svn.sourceforge.net/svnroot/orizon).

This is the first big commit in the last 2 months. The parsing system has been changed: ANTLR is not required anymore, and XML is used instead (you need xercesImpl.jar and xml-apis.jar from the Apache Jakarta project). Core classes have been refactored and initial support for static code review has been written.

Here you can find info on how to access the source repository: http://sourceforge.net/svn/?group_id=177056

Infosecurity 2007

Thursday, February 1st, 2007

Next Wednesday, Orizon will debut @ Infosecurity 2007 in Milan.

A very silly PoC… but I’m really excited about this…