Owasp Code Crawler Presentation
Transcript

  • 1. OWASP Code Crawler. Alessio Marziali, OWASP Code Crawler Project Leader, Linksfield Technologies Ltd, [email_address], 06 Nov 2008
  • 2. Who am I
    • 8+ years of experience as a web developer
      • Author of:
        • ASP.NET. “Alla scoperta della tecnologia Microsoft per lo sviluppo web” (Discovering Microsoft's technology for web development)
        • ASP.NET 3.5. “I nuovi orizzonti della tecnologia Microsoft per lo sviluppo web” (The new horizons of Microsoft's technology for web development)
      • Penetration Tester
        • Clients: Finance, Internet Service Providers, Government
        • 33+ Advisories in the last year
      • OWASP Code Crawler Project Leader
      • Web Developer at Linksfield Technologies Ltd
  • 3. Linksfield Technologies
    • High-tech consultancy and software development house
    • Headquartered in London
    • 9 years old
    • 20+ staff
    • Clients in private and public sectors
    • Microsoft Gold Certified Partner
      • Custom Development
      • Data Management
      • Business Process & Integration
      • Small Business Server
    • IBM Business Partner
    • Specialists in Business Process Automation and Systems Integration
    • Strong Financial services sector experience
  • 5. OWASP Code Crawler
    • Built using Visual Studio 2008, C# 3.0
    • Lightweight and ready to use
      • The standard runtime is under 6 MB and can run from a USB stick
    • Multi-platform
      • Designed for Windows, but runs under Mono too
    • Open source
      • Source code is freely available
    • Click and go
      • No installation and no prerequisites: download and run
  • 6. What it does
    • Automated security code review based on
      • OWASP Code Review
        • Scans source code for well-known vulnerability patterns
        • Users can change the application's behaviour by adding or removing items in the corresponding XML file
      • OWASP Orizon Project (spring 2009)
        • Working closely with Paolo Perego, OWASP Orizon Project Leader, on integrating Orizon (Java) with Code Crawler (.NET)
  • 7. OWASP Code Review Integration
  • 8. Performance and functionality
    • Fast scan
      • ~1000 lines of code reviewed in about 3 seconds
    • Multi-language support
      • .NET (C#, VB; don't say F#!)
      • Java
    • Integrated editor
      • Visual Studio-like visualisation
        • C# syntax colouring
        • Even #region blocks are supported
  • 9. Source Code Preview
  • 10. Reporting
    • Users can perform automated security code reviews and generate well-formatted reports from an OWASP or company template.
      • HTML
      • PDF (90%)
      • Office Word (70%)
    • Comes with 2 pre-built XSLT/XML templates.
  • 11. Reporting (XSLT Templates)
  • 12. Team Management
    • Send security code reviews by email without leaving the application.
    • Plan code reviews with the Code Review Manager.
  • 14. Integrated OWASP Browser
    • Built around OWASP
      • Guides
      • Wiki
      • Tools
      • All available within the application in a single click.
  • 16. Everything is XML
    • Everything (from the core to the functionality) relies on XML files for
      • Data storage
      • Configuration settings
      • Presentation (reports)
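As an added example (not Code Crawler's own code, and not its real rule format), the following Python sketch shows the idea behind slides 6 and 16: a keypointer database kept in an XML file, loaded at start-up, and applied line by line to C# source, so that a check can be added or removed by editing the XML alone. The rule schema, the rule IDs and the C# sample are all constructed for illustration.

```python
"""Minimal XML-rule-driven source scanner (added example, not Code Crawler's code).

The <keypointers> schema below is hypothetical: each keypointer is a regex
applied to every source line of the matching language.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed rule set. Adding or removing a <keypointer> changes what is flagged.
RULES_XML = r"""<keypointers>
  <keypointer id="KP-001" language="csharp" severity="high"
              category="SQL Injection">
    <pattern><![CDATA[new\s+SqlCommand\s*\(\s*".*"\s*\+]]></pattern>
    <description>SQL command built by string concatenation</description>
  </keypointer>
  <keypointer id="KP-002" language="csharp" severity="medium"
              category="Cross-Site Scripting">
    <pattern><![CDATA[Response\.Write\s*\(.*Request\b]]></pattern>
    <description>Request data written to the response without encoding</description>
  </keypointer>
  <keypointer id="KP-003" language="csharp" severity="low"
              category="Input Validation">
    <pattern><![CDATA[\bRequest\.(QueryString|Form)\b]]></pattern>
    <description>Direct use of request input; check for validation</description>
  </keypointer>
</keypointers>
"""

# Constructed C# sample to scan (line numbers are what the findings report).
SAMPLE_CS = """using System.Data.SqlClient;
#region handlers
public void Search(string q)
{
    string name = Request.QueryString["name"];
    var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name + "'", conn);
    Response.Write(Request.Form["comment"]);
    var safe = new SqlCommand("SELECT 1", conn);
}
#endregion
"""


@dataclass(frozen=True)
class Keypointer:
    id: str
    language: str
    severity: str
    category: str
    pattern: re.Pattern
    description: str


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    category: str
    line_no: int
    line: str


def load_keypointers(xml_text: str) -> list[Keypointer]:
    """Parse the XML keypointer database into compiled rules."""
    root = ET.fromstring(xml_text)
    rules = []
    for kp in root.findall("keypointer"):
        rules.append(Keypointer(
            id=kp.get("id"),
            language=kp.get("language"),
            severity=kp.get("severity"),
            category=kp.get("category"),
            pattern=re.compile(kp.findtext("pattern")),
            description=kp.findtext("description", ""),
        ))
    return rules


def scan(source: str, rules: list[Keypointer], language: str = "csharp") -> list[Finding]:
    """Apply every rule for `language` to every line; one finding per rule hit."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("#region", "#endregion")):
            continue  # preprocessor directives carry no code to review
        for rule in rules:
            if rule.language == language and rule.pattern.search(line):
                findings.append(Finding(rule.id, rule.severity, rule.category,
                                        line_no, line.strip()))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, the kind of figure a report template would print."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_CS, load_keypointers(RULES_XML)):
        print(f"{f.rule_id} [{f.severity}] line {f.line_no}: {f.line}")
    print(summary(scan(SAMPLE_CS, load_keypointers(RULES_XML))))
```

Line-oriented regex keypointers are cheap (which is why a scan of this kind can cover a thousand lines in seconds) but they only point a reviewer at suspicious spots: the `safe` command on the last line is correctly left alone, while the concatenated one is flagged, yet neither result is a proof of presence or absence of a flaw.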
  • 17. Coding Code Crawler
    • We try to keep the code organised and easy to maintain. Below are some examples of how the core of the application is structured (namespaces).
      • OWASP.CodeReview.CodeCrawler.Database.DatabaseObject (loads the Code Review Project Engine)
      • OWASP.CodeReview.CodeCrawler.Functionalities.Emails (Email Functionality)
      • OWASP.CodeReview.CodeCrawler.Functionalities.VisualStudio (Visual Studio Integration)
  • 18. The future of OWASP Code Crawler
    • OWASP Orizon Project
    • Never-outdated reviews
      • The Code Review Keypointers database will be moved into a web service; at runtime the application will check whether the user has the latest version of the database and, if not, download it.
    • More Templates
    • More Languages supported
  • 19. Live Demonstration
  • 20. Q&A