[GPC] New OWASP Project: Input Validation with Java Annotations

Paulo Coimbra paulo.coimbra at owasp.org
Thu Jul 2 14:20:27 EDT 2009


Hello Dag, Federico and Khalid,

Hope you are well.

I have set up your project page https://www.owasp.org/index.php/Category:OWASP_Content_Validation_using_Java_Annotations_Project.

From now on, you can begin using the wiki page as you find best, but please keep the integrity of the “Project Identification” tab. It will be used to keep all the information required by OWASP’s Assessment Criteria - https://www.owasp.org/index.php/Category:OWASP_Project_Assessment.

I’ve also created an OWASP mailing list for your project - https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project - and, by now, the admin password must have been sent automatically to you.

If you need/wish an OWASP email account, please let me know and I will create it for you.

In addition, your email addresses have been added to the OWASP Leaders mailing list. As a result, you are now able to use this email list owasp-leaders at lists.owasp.org to contact all of the most active OWASP project and chapter leaders. I suggest contacting them to discuss your project and to find hypothetical contributors.

To conclude the project’s setting up phase we still need you to provide the following information:

A - As for the project:

1. Project Leader’s and Reviewer wiki accounts (please see Note),
2. Project Flyer/Pamphlet,

B - As for your last release:

3. Release main features,
4. Release License (if you don’t agree with my current proposal)
5. Release Flyer/Pamphlet,
6. Release Roadmap.

Note: For Project Leader and Contributors please create a wiki account <https://www.owasp.org/index.php/Special:Userlogin> and please send me the links. See here <https://www.owasp.org/index.php/Tutorial> and here <http://www.owasp.org/index.php/User:Mtesauro> how to do it and here <http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Project_Identification> an example of how it will be used.

As soon as you have sent the above required information, the assessment process can begin.

As for now it’s all - I wish you good work and thank you for supporting OWASP.

Should you have any queries or require any further information please do not hesitate to contact me.

Best regards,

Paulo Coimbra,
<https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Dag Hovland [mailto:dag.hovland at uib.no]
Sent: Thursday, 25 June 2009 22:55
To: paulo.coimbra at owasp.org
Cc: 'Federico Mancini'; 'Khalid Azim Mughal'; 'Global Projects Committee'
Subject: Re: New OWASP Project: Input Validation with Java Annotations

Paulo,

Information about the project is below. I hope this is according to the assessment criteria.

Best regards,

Dag Hovland

=================================

Proposed OWASP Project: Content Validation using Java Annotations

We are a group of researchers at the Department of Informatics, University of Bergen, who would like to start an OWASP Project.

DESCRIPTION / OVERVIEW

We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework.

We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.

Road Map and Milestones:

- Continuous code review and refactoring of the code base.
- Extend the library of tests and annotations.
- Improve support for composing annotations and for cross-tests.
- Improve support for querying the validation results.
- Create a technical report on the architecture, design and implementation of the framework.
- Plan for frequent new releases of the framework.
- Make contact with other groups working on validation with annotations.

PROJECT REVIEWER:

Jan Hendrik Kuperus (jan-hendrik.kuperus at sogeti.nl)

PROJECT INFO:

What: Content Validation using Java Annotations

Purpose: Using Java annotations for object validation, specifically for content validation.

Who:

Name              Email                       OWASP Wiki user
Federico Mancini  federico.mancini at uib.no  Federico Mancini
Dag Hovland       dag.hovland at uib.no       Dag Hovland
Khalid A Mughal   Khalid.Mughal at uib.no     Khalid Azim Mughal

How:

Project Main Links: Sourceforge site: http://shipvalidator.sourceforge.net

RELEASE INFO:

SHIP Validator

Current release:
0.2 - June 2009
Download: http://sourceforge.net/projects/shipvalidator/

Other releases:
0.1 - May 2009
Download: http://sourceforge.net/projects/shipvalidator/

Paulo Coimbra wrote:
> Dag,
>
> I am glad to hear you are still interested in the project.
>
> For your information the OWASP Assessment Criteria http://www.owasp.org/index.php/Category:OWASP_Project_Assessment has changed – we are now using the version 2.0 – and so you only need to suggest a reviewer. Please see the following notes on reviewers:
>
> *  Ideally, per project release, the project leader will propose the reviewer(s).
> *  Ideally, reviewers should be an existing OWASP project leader or chapter leader.
> *  If the project lead is unable to find the required reviewer(s), the Global Projects Committee can assist in identifying reviewers for the project.
> *  It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Stable releases. The board has the initial option to review the project, followed by the Global Projects Committee.
>
> In addition, as we have in the meantime approved a new project information frame – please see http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Project_Identification – I ask you to send me as much information as you can so as to allow me to set up a similar one to your project.
>
> Many thanks, best regards,
>
> Paulo Coimbra,
> <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
>
> From: Dag Hovland [mailto:dag.hovland at uib.no]
> Sent: Friday, 19 June 2009 08:59
> To: paulo.coimbra at owasp.org
> Cc: Federico Mancini; Khalid Azim Mughal
> Subject: Re: New OWASP Project: Input Validation with Java Annotations
>
> Paulo Coimbra,
>
> Yes, we are still interested in the project. We have been using some time trying to find reviewers. We will send you the information you requested very soon.
>
> Regards,
>
> Dag Hovland
>

> Paulo Coimbra wrote:
>> Dear Dag,
>>
>> We haven’t heard back from you. Are you still interested in this project? I thank you in advance for your answer.
>>
>> Best regards,
>>
>> Paulo Coimbra,
>> <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
>>
>> From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
>> Sent: Tuesday, 26 May 2009 18:09
>> To: 'Dag Hovland'
>> Cc: 'global-projects-committee at lists.owasp.org'; 'OWASP Foundation Board List'; 'federico.mancini at uib.no'
>> Subject: RE: New OWASP Project: Input Validation with Java Annotations
>>
>> Dear Dag,
>>
>> I thank you for your initiative to develop an OWASP Project and for supporting OWASP Foundation.
>>
>> As requested, I will set a new project page for you using a project skeleton similar <http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project> to the one currently in use. To allow me to do so, would you mind sending the following data, please?
>>
>> 1. Wiki user account - please <https://www.owasp.org/index.php/Special:UserLogin> create a wiki account and fill in with your personal details i.e., (1) email address, (2) curriculum vitae/resume, and (3) past wiki contributions; see <http://www.owasp.org/index.php/Tutorial> here how to do it and <http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project> here and <http://www.owasp.org/index.php/User:Mtesauro> here an example of how it will be used,
>> 2. Detailed roadmap including milestones for future developments,
>> 3. First Reviewer *,
>> 4. Second Reviewer*.
>>
>> * Please take into account that, as a result of what is established in the above referred OWASP Assessment Criteria, the project's lead should suggest two Project Reviewers and one of them should be an OWASP Project or Chapter Leader. However, if you find it difficult or impossible, please let me know and I will try and help.
>>
>> Also, to have a general idea about the path a project should follow to reach Release Quality, I recommend reading carefully the OWASP <https://www.owasp.org/index.php/Category:OWASP_Project_Assessment> Assessment Criteria.
>>
>> Moreover, I am carbon copying both the OWASP Board and the OWASP Global Projects Committee to check if they have specific suggestions and/or recommendations for you.
>>
>> Should you have any further questions, please do not hesitate to get back to me.
>>
>> Many thanks, best regards,
>>
>> Paulo Coimbra,
>> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>>
>> From: Dag Hovland [mailto:dag.hovland at uib.no]
>> Sent: Monday, 25 May 2009 12:40
>> To: paulo.coimbra at owasp.org
>> Subject: New OWASP Project: Input Validation with Java Annotations
>>
>> We are a group of researchers from the dept. of computer science at the University of Bergen. We would like to start an OWASP Project, probably in the category "PROTECT".
>>
>> Project name: Input Validation with Java Annotations
>>
>> Project leaders: Federico Mancini (federico.mancini at uib.no) and Dag Hovland (dag.hovland at uib.no)
>>
>> Project description: We wish to explore the use of Java annotations for object validation, and specifically for input validation. The result should be a framework which should be easy to add to an existing application. The existing approaches are either part of a large framework (e.g. JSR-303) which assumes much of the application, or are not much more than hints about how to approach.
>>
>> Future developments: We have a working Java framework which can be added to almost any Java application. The library of tests and annotations should be expanded. The support for composing annotations and for "cross-tests" (tests involving multiple properties) should be better. We also plan to publish in an international conference by winter 2009 / spring 2010.
>>
>> Chosen open-source license: LGPL v3
>>
>> Project Contributors: Federico Mancini (federico.mancini at uib.no), Dag Hovland (dag.hovland at uib.no) and Khalid A. Mughal
>>
>> Sponsor Organizations: University of Bergen,
>>
>> Main Links: https://sourceforge.net/projects/shipvalidator/ (Project not yet approved)
>>
>> Related OWASP Projects: OWASP AntiSamy Java Project, OWASP Enterprise Security API (ESAPI) Project
>>
>> Regards,
>>
>> Dag Hovland
