Owasp SoC 2008 is waiting for you.
Please contribute with your own project or keeping in charge with some Owasp proposal or contact Owasp people if you want to do something but you don’t know how to help.
Application submit deadline is next 25th March.
Harry Up
Next October I’ll take a speech in Owasp AppSec Conference in New York city. It’s an honor to me to attend to this event and it will be the place where:
I just released Orizon v0.70. It was not a planned release but I noticed that Owasp Code Review Guide, introduced a source code crawling check against a set of known dangerous keywords.
It was really simple to add such code crawling facility for Java and C# to Orizon.
This means that my framework is lightweight and flexible enought to be usable and extensible… and this is so good.
This is the link of the Orizon v0.70 release and this is the code demonstrating the API to use for crawling a Java source file.
I’m very happy about the maturity stage reached from my tool and I hope it could be evaluated from Owasp community and in the future widely used in source code assessment.
And we are at -140 days to my wedding…
Just 2 days ago I released Orizon 0.60 with a lot of improvements.
First of all the default library reached the psychological limit of 30 security checks (it includes 34 security checks).
I introduced also a reduce() routine that enable people in writing checks based upon method return type or variable data type.
Today I wrote down the piece of code that enable source file line number discovering during translation from Java to XML… I know it is more fancy if Orizon will display also the position inside the source file instead of just complaining about an error.
I’m really fine with the latest 2 weeks work..
Latest weekend was the middle milestone release. Last friday, Orizon v0.50 was available by anyone and 28 people download it.
There are a lot of improvements that make me very proud of what I’ve done in the last here.
With this release I closed my Spoc2007 not meeting all goals I figured out for my self… maybe if I had some help from other coders project would grown even more… but indeed, feedback is still zero. 
The orizon website has been completely rewritten with a brand new layout.
It lacks API reference and API usage example but I’ll provide them asap.
Last week I introduced Report class to manage reports. Report class is now the return data type from Source class, apply() method that perform static code review.
As you may see in Milk source code, a Report object works related with an implementation of Formatter class that describe how the output has be organized.
In fact, there is just a PlainFormatter by now that prints report lines over standard output. In the near future I’ll implement XMLFormatter and HTMLFormatter as well.
I’ve to work over the documentation too… and create a fancy web site… a lot of things to do…
That’s it. Orizon has reached the half of its Spring of Code pathwalk. I’m very pleased of this. Library contains 10 checks out of 30 that I’ve planned. Interaction between the library, the security checks and the translated source file works quite well.
Milk is now released as 0.10 and it is working. There are of course a lot of bugs and improvements to do, but it is now usable.
Available from Orizon Sourceforge page you can find:
That’s all by now… I’ll go back to work in translation issues and XML parsing routines.
Cheers
thesp0nge
Just update Orizon site with a new logo (very web 2.0 aware) and new downloads.
I decided to split down bastion from orizon but maintaining the same version number. I choose this way in order to separate hardening from code review. I added also javadoc links to the SourceForge site…
By now, I’m so tired… and I’m feeling not well at all… maybe it’s this raining evening that makes me so blue…