[Owasp-leaders] Automated Code Review in a distribuited environment

Alessio Marziali alessio.marziali at cyphersec.com
Fri Mar 27 16:09:45 EDT 2009



I'm writing you all to inform that today a prototype of a potential OWASP
project successfully ran in one of my company's server.


The architecture of this application has been designed to be multi thread.
Controlled by one central unit (server) a bunch of thread fires calling a
remote server. This server "slave" connects to the development servers
where it grabs a copy of the latest day build.


+magic starts here+ 


Using code crawler's engine a list of files which includes every file
located in a specific location (configurable) will be reviewed. 


The application will read only files with specific extensions. Which means
that it will ignore images/flash files/ or every file it has been asked to


The control unit is a very rudimental web application which act as front
end. The front end works in combination with a SQL Server database as
backend. This is where results are stored. Using code crawler reporting
engine, the application is able to generate reports in different formats.


The entire system can run in "service/on demand" mode. Which means that it
can be scheduled to run when you leave your office and to be ready for
tomorrow with a cup of coffee in your hands. J


The code is on  its very early stages. Loads of Exceptions as it's supposed
to be a prototype.


It could be a very exciting project.  Could require a lot of efforts to get
it done.

Before asking for any help (volunteers\sponsorship) I'm here to ask if you
think that this project could be of any good for OWASP.


Flame, Suggestions, Questions are very welcome.




Alessio Marziali

OWASP Code Crawler Project Leader


alessio.marziali at cyphersec.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090327/9c1e909f/attachment.html 

More information about the OWASP-Leaders mailing list