[Owasp-board] OWASP Fuzzing Code Database

Paulo Coimbra paulo.coimbra at owasp.org
Tue Jul 21 18:18:56 UTC 2009


Hello Wagner,

 

It’s my pleasure to inform that your proposal to lead the http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database has been accepted by the GPC.  

 

In fact your proposal was enthusiastically appreciated - “Sounds very cool and will be awesome if he delivers on his roadmap”. In addition, as technical advice, the GPC has suggested an “xml feed that tools can pull from” to avoid situations in which it has to be me manually created. 

 

Therefore I ask you to please find the spare cycles to send me off the data below requested. 

 

To conclude, I congratulate you and thank you for continuously supporting OWASP mission.

 

Best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Wagner Elias [mailto:wagner.elias at gmail.com] 
Sent: domingo, 19 de Julho de 2009 03:01
To: paulo.coimbra at owasp.org
Cc: dinis cruz; global-projects-committee at lists.owasp.org
Subject: Re: OWASP Fuzzing Code Database

 

Thanks Paulo!

 

Hello GPC Members,

 

The goal is to create a database that meets all the tools that are base on wordlists with statements such as: WebSlayer; Dirbuster; Whatever. In addition to the tools developed by volunteers from OWASP, we can create a database in the style of OVAL (Open Vulnerability and Assessment Language) where anyone could find a adopt maintained by OWASP XML.

 

Additionally intend to implement the following features:

 

Besides the existing classification, adopt other criteria that will get better results. Classify the statements in accordance with:

 

  1 - The statements of ASDR Project

  1 - Browser;

  2 - Operating System;

  3 - Database;

 

Post a URL where the process of maintenance would be collaborative.

The solution would have the initially following features:

 

  1 - Implement a process where it can be suggested a new statement and register if it is valid to identify any vulnerability and is not registered in the database;

  2 - A register which would be beyond the statements registered a unique id and a description of what the outcome of the operation of each statement;

  3 - Possibility of users report their experiences with the statements.

 

Thank you for the opportunity.

 

2009/7/17 Paulo Coimbra <paulo.coimbra at owasp.org>:

> Wagner,

> 

> 

> 

> I am glad to hear from you and thank for volunteering to lead the 

> OWASP Fuzzing Code Database Project.

> 

> 

> 

> As for directions I begin by recommending you glance at OWASP’s 

> Assessment Criteria - 

> https://www.owasp.org/index.php/Category:OWASP_Project_Assessment. 

> This set of rules will be used both to push the project up the ladder 

> and to assess it. Please check this link 

> http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects out as well.

> 

> 

> 

> Secondly, I ask whether you would be kind enough to write down and 

> send us off a couple of lines expressing your ideas in terms of project development.

> The goal is to allow some feedback from the OWASP Global Projects 

> Committee (GPC).

> 

> Thirdly, after and if the GPC agrees with handing over the project 

> leadership to you, I ask you to send me off the following data:

> 

> 

> 

> A – PROJECT

> 

> 

> 

> Project Name,

> Project Purpose,

> Project License,

> Project Leader,

> Project Maintainer,

> Project Contributor(s),

> Conference style presentation that describes the tool in at least 3 

> slides, Project Flyer/Pamphlet (PDF file), Project Roadmap, Project 

> main links,

> 

> 

> 

> B – FIRST RELEASE

> 

> Release Name,

> Release main features,

> Release downloadable file link

> Release Leader,

> Release Contributor(s),

> Release Reviewer,

> Release Mentor (if any),

> Release Sponsor(s) (if any),

> Release Flyer/Pamphlet,

> Release Roadmap,

> Release Main Links,

> 

> 

> 

> Note: For Project Leader and Contributors please create a wiki 

> accounts and please send me off the links. See here and here how to do 

> it and here an example of how it will be used.

> 

> 

> 

> As for now it’s all - I wish you good work and thank you for 

> supporting OWASP.

> 

> 

> 

> Should you have any queries or require any further information please 

> do not hesitate to contact me.

> 

> 

> 

> Best regards,

> 

> 

> 

> Paulo Coimbra,

> 

> OWASP Project Manager

> 

> 

> 

> From: Wagner Elias [mailto:wagner.elias at gmail.com]

> Sent: quinta-feira, 16 de Julho de 2009 22:00

> To: Paulo Coimbra; dinis cruz

> Subject: OWASP Fuzzing Code Database

> 

> 

> 

> Hello Diniz, Paulo,

> 

> 

> 

> I would like to improve and coordinate the following project:

> 

> http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database

> 

> 

> 

> I have identified that it is orphaned and is something I have done.

> 

> Create and maintain custom lists like these.

> 

> 

> 

> How can we proceed?

> 

> 

> 

> Best Regards.

> 

> 

> 

> --

> 

> Wagner Elias - OWASP Leader Project Brazil

> 

> ------------------------------------------------------------------

> 

> Twitter: www.twitter.com/welias

> 

> Blog: http://wagnerelias.com

> 

> Profile: http://www.linkedin.com/in/wagnerelias

 

 

 

--

Wagner Elias - OWASP Leader Project Brazil

------------------------------------------------------------------

Twitter: www.twitter.com/welias

Blog: http://wagnerelias.com

Profile: http://www.linkedin.com/in/wagnerelias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090721/2cd00f37/attachment-0002.html>


More information about the Owasp-board mailing list