[Owasp-orizon] Php parser and Mirage per language skeleton brainstorm...
thesp0nge at owasp.org
Mon Feb 2 12:06:11 EST 2009
On Sat, Jan 31, 2009 at 9:02 AM, Stephen Craig Evans
<stephencraig.evans at gmail.com> wrote:
> Hi Paolo,
> I just got back from a week-long trip and will look deeper into what you did
> after I finish writing my reports but this is a HUGE, HUGE step!!!
Here we are... there's no rush :)
In these two weeks I'm code reviewing a PHP application by hand,
that's way I took the php grammar and I wrote a bunch of code to
figure it out something.
I think the php_modeler v0.2 you can find in the orizon space at
sourceforge can be used to build the skeleton for a generic parser.
> If you haven't done so already, I am sure that Jonathan Revusky would love
> to get an email of encouragement from you. I followed the mailing list trail
I just wrote a love letter in their google group about freecc project.
It's amazing and it's dynamic and I love it!
> And, by the way, if you need any incentive to work harder on Orizon, listen
> to Gary McGraw on OWASP Podcast #5 as he calls OWASPians (plus he singles
> out Italians) communists! I've heard it twice already and it sure motivates
> me - which was probably not his intention :-)
I heard the podcast. Gary McGraw is a venerable senior in security IT
and I respect him. I disagree about the capitalism/communist dualism
when applied to IT, but it is my opinion.
After this, I don't want to say anything that can be mislead... anyone
has its own political point of view, we must concern about security
and about getting a beer when we meet at conferences :)
Looking back... ok guys, let's show Gary that we can make something
"stay hungry, stay foolish"
OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"
More information about the Owasp-orizon