[Owasp-o2-platform] Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)

dinis cruz dinis.cruz at owasp.org
Tue Jul 19 02:48:04 EDT 2011


If you want to use O2 on Spring MVC apps that use Annotation-Based
controllers, there is an O2 module that you can use which will allow you to
view/test those controllers (including the Autobinding elements)

Here is a blog post that shows how it works: Visualizing Spring MVC
Annotations based Controls (and Autobinding PetClinic’s
vulnerabilities<http://o2platform.wordpress.com/2011/07/19/visualizing-spring-mvc-annotations-based-controls-and-autobinding-petclinics-vulnerabilities/>

This is quite an old O2 module (using the previous GUI), but what I really
like about it, is that *it shows how static analysis can be used to drive
black box tests* (which is the best way to perform blackbox reviews).

What we really need next, is to convert this code into the new 'O2 Script
based world' and into the Spring MVC mappings classes (as shown in the
JPetStore example).

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20110719/2ba4fc2d/attachment.html 


More information about the Owasp-o2-platform mailing list