New site
Sunday, September 30th, 2007
The Orizon website has been completely rewritten with a brand new layout.
It lacks an API reference and API usage examples, but I’ll provide them ASAP.
It seems to be real… or at least, it starts to be real. The Dawn package has been included in Orizon since 0.45pre1 and it is responsible for dynamic code review services.
How does it work?
It creates a helper program in the same language as the source code being assessed (Java is the only language supported for now).
The helper is a standalone application built upon a method or function contained in the starting source file. So if your Java class has 3 public methods, Orizon will create 3 helper applications, one for each method being tested.
The helper is then compiled and executed with a set of well-known attack patterns.
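A sketch of the helper-generation step described above, as an added example; it is not Orizon's code. The class name `HelperGenerator`, the `Greeter` sample and the three test inputs are constructed for illustration, only public methods taking a single `String` are handled, and compiling and running the generated helpers is left out.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

public class HelperGenerator {
    // Constructed stand-ins (Java expressions); Orizon's real pattern set is not listed on the page.
    static final String[] PATTERNS = { "\"\"", "\"A\".repeat(100000)", "\"'\\\"<>;\"" };

    /** Returns helper class name -> helper source, one helper per public method of target. */
    static Map<String, String> generate(Class<?> target) {
        Map<String, String> helpers = new LinkedHashMap<>();
        Method[] methods = target.getDeclaredMethods();
        Arrays.sort(methods, (a, b) -> a.getName().compareTo(b.getName())); // reflection order is unspecified
        for (Method m : methods) {
            if (!Modifier.isPublic(m.getModifiers()) || m.isSynthetic()) continue;
            // Simplification: only methods taking a single String are driven; overloads would collide.
            if (m.getParameterCount() != 1 || m.getParameterTypes()[0] != String.class) continue;
            String name = target.getSimpleName() + "_" + m.getName() + "_Helper";
            String receiver = Modifier.isStatic(m.getModifiers())
                    ? target.getCanonicalName() : "new " + target.getCanonicalName() + "()";
            StringBuilder src = new StringBuilder();
            src.append("public class ").append(name).append(" {\n")
               .append("  public static void main(String[] args) {\n")
               .append("    String[] inputs = { ").append(String.join(", ", PATTERNS)).append(" };\n")
               .append("    for (String in : inputs) {\n")
               .append("      try { ").append(receiver).append('.').append(m.getName()).append("(in);\n")
               .append("            System.out.println(\"ok len=\" + in.length()); }\n")
               .append("      catch (Throwable t) { System.out.println(\"FAIL len=\" + in.length() + \" \" + t); }\n")
               .append("    }\n  }\n}\n");
            helpers.put(name, src.toString());
        }
        return helpers;
    }

    // Constructed sample target with three public methods, so three helpers are generated.
    public static class Greeter {
        public String greet(String n) { return "Hello " + n; }
        public int size(String s) { return s.length(); }
        public String initial(String s) { return s.substring(0, 1); } // throws on the empty input
        private void hidden(String s) { }                             // not public: no helper
    }

    public static void main(String[] args) {
        generate(Greeter.class).forEach((name, src) -> System.out.println("// " + name + ".java\n" + src));
    }
}
```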
The patterns will cover:
Last week I introduced the Report class to manage reports. Report is now the return data type of the Source class’s apply() method, which performs static code review.
As you may see in the Milk source code, a Report object works together with an implementation of the Formatter class that describes how the output has to be organized.
In fact, there is just a PlainFormatter for now, which prints report lines to standard output. In the near future I’ll implement XMLFormatter and HTMLFormatter as well.
I have to work on the documentation too… and create a fancy web site… a lot of things to do…