[Owasp-codereview] Owasp Orizon new release

Paolo Perego thesp0nge at owasp.org
Wed Apr 4 06:00:43 EDT 2007


Hi list, I hope project announcements aren't off topic here.
Yesterday I updated the Orizon package at the SourceForge site (
orizon.sourceforge.net) with an interesting (IMHO) feature for a code review
framework such as Orizon pretends to be (when it is completed, of course
:)).
This feature, codenamed Bastion, is a set of objects helping developers to
add security to their code when radical changes are not possible.
Consider the following scenario. After a code review, vulnerabilities were
found, but there is no time to add input filtering code and, more importantly,
there is no time to go back to the testing environment to stress test the fixes.
What could be the next action here?
In my opinion, one approach could be to use an API that adds
security checks to basic objects such as web form input fields, with few
changes to the aforementioned source code.
This is the goal of the Orizon Bastion Java package.

For now, just a simple XSSString is available, providing string sanitizing to
avoid XSS.
A detailed howto on XSSString usage is available here (
http://blogs.owasp.org/orizon/2007/04/03/howto-bastion-xssstring/).

I'd like to have your opinions about my idea and about the whole Orizon
project.

Thanks
Ciao ciao

thesp0nge
-- 
Owasp Orizon leader
orizon.sourceforge.net
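
The approach described in the message above, a wrapper around a basic object such as a form input string so that the check travels with the value, can be sketched as follows. This is an added example, not code from the Orizon project; the class name `HtmlSafeString` and its methods are hypothetical and do not reflect the XSSString API.

```java
// Added illustration: HtmlSafeString is a hypothetical name, not Orizon's XSSString.
public final class HtmlSafeString implements CharSequence {
    private final String raw;

    public HtmlSafeString(String raw) {
        this.raw = (raw == null) ? "" : raw;
    }

    /** Untouched value, for non-HTML sinks such as a parameterized SQL query. */
    public String raw() { return raw; }

    /** Encodes the five characters significant in HTML text and quoted attribute values. */
    public static String encode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Every CharSequence view is the encoded form, so existing string
    // concatenation and out.print() calls emit encoded text by default.
    @Override public String toString() { return encode(raw); }
    @Override public int length() { return toString().length(); }
    @Override public char charAt(int i) { return toString().charAt(i); }
    @Override public CharSequence subSequence(int a, int b) {
        return toString().subSequence(a, b);
    }

    public static void main(String[] args) {
        // Constructed input standing in for request.getParameter("name").
        String param = "<script>alert(1)</script>\" onmouseover='x'";
        HtmlSafeString name = new HtmlSafeString(param);
        System.out.println("<p>Hello " + name + "</p>");
        System.out.println("<input value=\"" + name + "\">");
    }
}
```

The only change at the call site is the type of the variable holding the parameter. This encoding covers HTML text and quoted attribute values only; values written into JavaScript, CSS or URL contexts need their own encoders.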