[GPC] XML Vulnerability definition language

Jason Li jason.li at owasp.org
Wed Mar 9 15:54:39 EST 2011


Pablo,

I don't believe either of the projects Jim or Paulo cited will help you.

There is not an official OWASP standard for capturing report information of
vulnerabilities. There is an open request by OWASP for such a standard:
http://www.owasp.org/index.php/Summit_2011/Open_letter_to_WebAppSec_Tool_and_Services_vendors:_Release_your_schemas_and_allow_automation

The OWASP Report Generator project uses a XML schema to capture report data.
That project may be useful to you, but it has not been updated in some time.

I know Dinis Cruz has also done some work with the OWASP O2 project
regarding aggregation of information from disparate sources (e.g. various
vendor tool output formats) - he may be able to provide some additional
insight.

Hope that helps!

-Jason

On Wed, Mar 9, 2011 at 12:02 PM, Jim Manico <jim.manico at owasp.org> wrote:

> The JXT project is a JSP replacement technology for XSS prevention. Not
> sure if this is what you are looking for.
>
> -Jim Manico
> http://manico.net
>
> On Mar 9, 2011, at 8:52 AM, "Paulo Coimbra" <paulo.coimbra at owasp.org>
> wrote:
>
> Hello Pablo,
>
>
>
> I am not sure whether this
> <http://www.owasp.org/index.php/Projects/OWASP_Java_XML_Templates_Project>
> http://www.owasp.org/index.php/Projects/OWASP_Java_XML_Templates_Projectcan help you. I am also carbon copying the Global Projects Committee for us
> to see if its members have additional info to provide you with.
>
>
>
> Thanks,
>
> - Paulo
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>
>
>
>
> *From:* pablomartinmail at gmail.com [mailto:pablomartinmail at gmail.com] *On
> Behalf Of *Pablo Martín Pérez
> *Sent:* terça-feira, 8 de Março de 2011 12:30
> *To:* <paulo.coimbra at owasp.org>paulo.coimbra at owasp.org
> *Subject:* XML Vulnerability definition language
>
>
>
> Dear Paulo,
>
> I would like to ask you if OWASP has a language to generate XML reports of
> the vulnerabilities found in the code of web applications. I have heard
> about VulnXML but I cannot find the schema.
>
> --
> Best Regards
>
> Pablo Martín Pérez
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20110309/d54abe32/attachment-0001.html 


More information about the Global-projects-committee mailing list