My dear fellow, it’s been a while since I last updated the blog. I’m so sorry about this, but I coded a lot and here are the results.
Just now, I committed the code for release 1.18 to the SourceForge SVN repository. I’ll make the tarball and then I’ll send it to Matt Tesauro to include it in the OWASP Live CD.
The tarball includes a README that acts as a user guide; it explains pretty well how to use Orizon Shell.
I also included a command, “suggest”, that tries to help the user by suggesting the next action to perform.
Another notable change is that the plain text report now also prints a small snippet of the code surrounding the found vulnerability.
It will be available in the XML and HTML reports too in the next releases.
Some days ago I was in Cracow for the OWASP AppSec EU’09, where I showed the new architecture and a little demo.
It was fun, because while trying to crawl the Linux kernel source, Orizon crashed reporting a NULL pointer exception (that is fixed by now).
So, now Orizon can be used to perform source code crawling for C, PHP and Java sources. In the future you’ll be able to use Orizon to perform a full static analysis, and C#, JSP and some other languages will be added.
It’s fun that I can use Orizon in my everyday work.
(BTW: you can check the latest slideshow here)