It finally happened.
Owasp Orizon 1.18 is good enough to be used to assist a code reviewer in a source code assessment.
I’m using now a slightly modified version, named 1.18.15 that fixes a little issue in Java language pack. Actually I’m behind a proxy so I can’t reach sourceforge SVN repository to commit the changes, but I promise I’ll do it ASAP.
I’m reviewing a Java web application using Orizon to crawl the business logic code and manually reviewing the results. As expected with a simple crawl you can’t expect yourself good results but you must review the findings.
However… it worked, despite a lot of people thinking that it would never work 🙂
I’ve got some problem with the JSP grammar, so we’re note able to add JSP support right now. I can’t use Orizon to help me with dynamic pages but… well, I’m pretty satisfied.
This is the todo list of the major tasks people can feel free to take and helping us.