OWASP Code Crawler Presentation

  1. 1. OWASP Code Crawler. Alessio Marziali, OWASP Code Crawler Project Leader, Linksfield Technologies Ltd, [email_address], 06 Nov 2008
  2. 2. Who am I
     - Web developer with 8+ years of experience
       - Author of:
         - ASP. NET. “Alla scoperta della tecnologia microsoft per lo sviluppo web”
         - ASP.NET 3.5. “I nuovi orizzonti della tecnologia Microsoft per lo sviluppo web”
       - Penetration Tester
         - Clients: Finance, Internet Service Providers, Government
         - 33+ Advisories in the last year
       - OWASP Code Crawler Project Leader
       - Web Developer at Linksfield Technologies Ltd
  3. 3. Linksfield Technologies
     - High-tech consultancy and software development house
     - Headquartered in London
     - 9 years old
     - 20+ staff
     - Clients in private and public sectors
     - Microsoft Gold Certified Partner
       - Custom Development
       - Data Management
       - Business Process & Integration
       - Small Business Server
     - IBM Business Partner
     - Specialists in Business Process Automation and Systems Integration
     - Strong Financial services sector experience
  4. 5. OWASP Code Crawler
     - Built using Visual Studio 2008, C# 3.0
     - Lightweight and ready to use
       - Standard Runtime is just <6Mb, can run from USB sticks!
     - Multi Platform
       - Designed for Windows, runs under MONO too
     - Open Source
       - Source Code is freely available
     - Click and Go
       - No Installation, No Requirements, Download and Run
  5. 6. What it does
     - Automated Security Code Review using
       - OWASP Code Review
         - Will “scan” source code for well-known vulnerability issues
         - Users can change the application's behaviour by adding or removing items, simply by editing the relevant XML file.
       - OWASP Orizon Project (spring 2009)
         - Working closely with Paolo Perego, OWASP Orizon Project Leader, while trying to integrate Orizon (Java) with Code Crawler (.NET)
  6. 7. OWASP Code Review Integration
  7. 8. Performance and functionality
     - Fast Scan
       - ~1000 lines of code (~3 seconds to review)
     - Multi-language support
       - .NET (C#, VB, don’t say F#!)
       - Java
     - Integrated Editor
       - Visual Studio-like visualisation
         - C# Code colouring
         - Even “#region” is supported
  8. 9. Source Code Preview
  9. 10. Reporting
     - Users can perform automated security code reviews and generate well-formatted reports using OWASP or company templates.
       - HTML
       - PDF (90%)
       - Office Word (70%)
     - Comes with 2 pre-built XSLT/XML templates.
  10. 11. Reporting (XSLT Templates)
  11. 12. Team Management
     - Send Security Code Reviews by email without leaving the application.
     - Planning Code Reviews with Code Review Manager
  12. 14. Integrated OWASP Browser
     - Built around OWASP
       - Guides
       - Wiki
       - Tools
       - Are available within the application in just a click.
  13. 16. Everything is XML
     - Everything (from the core to functionalities) relies on XML files as
       - Data Storage
       - Configuration settings
       - Presentation (reports)
  14. 17. Coding Code Crawler
     - We try to keep the code organised and easy to maintain. Below are some examples of how the core of the application is coded (namespaces).
       - OWASP.CodeReview.CodeCrawler.Database.DatabaseObject (will load the Code Review Project Engine)
       - OWASP.CodeReview.CodeCrawler.Functionalities.Emails (Email Functionality)
       - OWASP.CodeReview.CodeCrawler.Functionalities.VisualStudio (Visual Studio Integration)
  15. 18. The future of OWASP Code Crawler
     - OWASP Orizon Project
     - Never outdated reviews
       - The Code Review Keypointers database will be moved into a web service; at runtime the application will check whether the user has the latest version of the database and, if not, download it.
     - More Templates
     - More Languages supported
  16. 19. Live Demonstration
  17. 20. Q/A
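
The slides "What it does" and "Everything is XML" describe a scanner whose checks live in a user-editable XML file. The sketch below is an added example of that design in Python, not Code Crawler's own code: the XML element and attribute names, the three rules and the C# sample are constructed for illustration. It also shows the failure mode such a design must handle, a rule that a user edited into an invalid pattern.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rules; element and attribute names are hypothetical, not Code Crawler's schema.
KEYPOINTERS_XML = r"""
<keypointers>
  <keypointer id="KP1" language="csharp" severity="high"
    pattern="\bnew\s+SqlCommand\s*\([^;]*\+">SQL text built by concatenation</keypointer>
  <keypointer id="KP2" language="csharp" severity="low"
    pattern="\bMD5\.Create\s*\(">MD5 used as hash</keypointer>
  <keypointer id="KP3" language="java" severity="high"
    pattern="\bRuntime\.getRuntime\(\)\.exec\s*\(">OS command execution</keypointer>
</keypointers>
"""

def load_keypointers(xml_text):
    """Return (rules, errors); a bad user edit is reported, not fatal."""
    rules, errors = [], []
    for node in ET.fromstring(xml_text).iter("keypointer"):
        try:
            regex = re.compile(node.attrib["pattern"])
        except (KeyError, re.error) as exc:
            errors.append(f"{node.get('id')}: unusable pattern ({exc!r})")
            continue
        rules.append({"id": node.get("id"), "language": node.get("language"), "regex": regex,
                      "severity": node.get("severity"), "note": (node.text or "").strip()})
    return rules, errors

def scan(source, language, rules):
    """Return (line_number, rule_id, severity, note) for each matching line."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):  # skip full-line comments
            continue
        for rule in rules:
            if rule["language"] == language and rule["regex"].search(line):
                findings.append((number, rule["id"], rule["severity"], rule["note"]))
    return findings

# Constructed C# input.
SAMPLE_CS = """using System.Data.SqlClient;
// new SqlCommand("a" + b) inside a comment is skipped
var cmd = new SqlCommand("SELECT * FROM Users WHERE Name='" + name + "'", conn);
var ok = new SqlCommand("SELECT * FROM Users WHERE Name=@n", conn);
var hash = MD5.Create();
"""

if __name__ == "__main__":
    print(scan(SAMPLE_CS, "csharp", load_keypointers(KEYPOINTERS_XML)[0]))
```

Line-level pattern matching of this kind flags candidates for a human reviewer; the parameterised query on line 4 of the sample passes because the rule keys on concatenation, not on the API name alone.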
