[OWASP-CODESEEKER]Codeseeker project...

Gabe Lawrence glawrence at ucsd.edu
Wed Dec 4 13:32:07 EST 2002


Howdy folks,

Gabe Lawrence here. I was the CTO at Butterfly and will be making the code 
available to everyone. I just wanted to drop a note and let you know where 
things stand. I've been traveling a little and am moving from San Jose to 
San Diego so all my computers are not available right now. That should be 
cleared up this weekend and I should be able to pull out the full CVS 
repository from Butterfly. We will then go through and modify all the 
copyrights according to the grant to OWASP and put the source out for 
everyone to see...

At which point I will start to go through the different projects that those 
of us at Butterfly felt needed to be worked on and see what people are 
interested in doing. I'm sure many of you have your own ideas of what would 
be neat to do as well and I'd love to incorporate that as well.

As a quick overview, the majority of the codeseeker engine is written in 
Java code. This is then attached to different web servers using JNI calls 
and code written primarily in C++. In addition, there is a java based 
administration console and native code to make this a double clickable exe 
on windows.

Initially projects that really need to be worked are:

1. Replacing existing vulnerability database with VulnXML. This way we can 
take advantage of the communities effort to keep a single location up to 
date on what kinds of things to look for.

2. Better graphing/data mining in the administration tool. The graph and 
reporting capabilities are somewhat limited as far as what my vision of 
what should be there was... I'd like to really put some good exploration 
tools into place so people can really start to get some visibility into 
whats going on inside their infrastructures.

3. Performance. Always can be better right? Well specifically, we need to 
look at the database engine that is being used to maintain statistics. Its 
hsqldb and seems to be a nice solution from the feature standpoint, but is 
slow dealing with large sets of data and generates very large files. We may 
need to work on the schema to make certain types of queries faster or work 
on hsqldb to make it better. The problem is that if you want to allow for 
arbitrary exploration of traffic and statistics that it is hard to optimize 
the schema for a specific type of query...

-gabe





More information about the Owasp-codeseeker mailing list