[ OWASP - Montreal ] Validation Testing Framework
philippe at gamache.com
Thu Apr 16 12:23:51 EDT 2009
In my preceding message about CodeFest 3.0, there was a project called
OWASP Validation Testing Framework.
This framework doesn't exist for the moment, but I want to use the
codefest to begin working on the project.
The project is an addition to ESAPI, in a way.
So let me explain it.
It's a framework that will help generate unit testing files, usually for
Some config files will have different tests, for different datatypes,
and using a generator, it will produce tests using different
templates for different unit testing frameworks.
So for example, we will produce date test for email, phone numbers, URL,
Generator could do files for different frameworks like JUnit, PHPUnit,
SimpleTest, phpt, lime...
So if a project uses PHPUnit and has a validator for email, it could
generate tests for it.
So many validators or filters have flaws, because programmers don't
understand all the concepts of a format, or the concepts of security, so many
accept (i.e. for email) things like:
*** The next two lines are one attack line, with a return (or line jump)
in it ***
myemail at site.com
to: spam at site.com
So now we have a header injection in an email.
Or do you know that this address is valid?
me\@mysite.com at site.com
But how many validators will reject it? 80%? More?
WHO can help?
Anyone who is at least one of these:
* You did a validator in any language
* You understand some formats that need validation
* You're using a unit testing framework
* You're a programmer
* You're a Pen Tester
* You would like to help on:
  * Making the testing configuration (YAML)
  * Making the unit testing template
  * Making the generator (in PHP, but other language implementations
    could be done after)
During CodeFest 3.0
A working prototype should be finished during this weekend. The framework
will be offered to OWASP. I really want it to be an official project, but
having a prototype and better documentation will help.
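Added example, not part of the original message or of any OWASP project code: a data-driven run of email test vectors against two validators, the kind of check the generated unit tests described above would perform. It is in Python rather than the PHP planned for the generator; the vector table stands in for the YAML configuration, both validators and all names are hypothetical, the addresses are written with "@" where the archive shows " at ", and the expected results follow the statements in the message.

```python
import re

# Constructed vectors: (input, expected_valid). The expectations for the
# header-injection and escaped-"@" cases follow the statements in the post.
VECTORS = [
    ("user@site.com", True),
    ("myemail@site.com\nto: spam@site.com", False),
    ("myemail@site.com\r\nto: spam@site.com", False),
    ("me\\@mysite.com@site.com", True),
    ("no-at-sign.site.com", False),
]

_PATTERN = r"[\w.+-]+@[\w-]+(\.[\w-]+)+"


def naive_validator(value):
    # Hypothetical flawed validator: re.match anchors only at the start, so
    # anything after the first address-shaped prefix is never inspected.
    return re.match(_PATTERN, value) is not None


_LOCAL = r"(?:[\w.!#$%&'*+/=?^`{|}~-]|\\.)+"  # atom chars or backslash-escaped char
_DOMAIN = r"(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}"


def strict_validator(value):
    # Hypothetical hardened validator: refuse control characters (CR/LF are
    # what make header injection possible), then match the whole string.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        return False
    return re.fullmatch(_LOCAL + "@" + _DOMAIN, value) is not None


def failures(validator, vectors=VECTORS):
    """Inputs on which the validator disagrees with the expected result."""
    return [value for value, expected in vectors if validator(value) != expected]


if __name__ == "__main__":
    for fn in (naive_validator, strict_validator):
        bad = failures(fn)
        print(f"{fn.__name__}: {len(bad)} of {len(VECTORS)} vectors failed")
        for value in bad:
            print("   ", repr(value))
```

The naive validator fails in both directions: it accepts the two multi-line inputs and rejects the escaped-"@" address.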