What is Orizon?
Back in October 2006 I was gathering information for a talk about safe coding best practices, and I was struck by the lack of knowledge sharing between open source code review tools.
In the Web 2.0 era it seemed strange that some open source tools had forgotten the meaning of the words "reuse the code"; that is why I started hacking on Orizon.
Orizon is a code review engine: it will provide APIs that help developers build source code assessment tools. Orizon will also provide a library of pre-built sanity checks and the code to manage it.
Orizon is not itself a tool for reviewing an application's source code; it is the engine a developer can build such a tool with.
Orizon will provide some killer features, such as:
- independence from the language the scanned source code is written in. Orizon achieves this by translating the source code into XML and then processing that representation;
- a static code review library with APIs to manage it. The library provides checks for coding style, source code behaviour overruns, complexity, undocumented code, dangerous function calls and more;
- a dynamic code review engine called "dawn". By dynamic I mean that the source code is not checked for "how the code has been written" but for "how the code behaves when stressed with common attack patterns". Dynamic checks will include Cross-Site Scripting checks, SQL injection checks and most of the OWASP Top 10 vulnerability categories;
- a fancy reporting system capable of producing reports in plain text, XML, HTML, LaTeX, PDF and more.
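As an added illustration of the approach described above (this is example code written for this page, not Orizon's own), here is a minimal static check library that runs over an XML translation of source code, so the same checks apply to a PHP file and a C file. The XML element names, the file contents and the dangerous-call table are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two source files in different languages, already translated
# into one XML tree. The element names are an assumed schema, not Orizon's own.
SAMPLE_XML = """<project>
  <file path="login.php" language="php">
    <function name="check_user" line="3">
      <call name="mysql_query" line="5"/>
    </function>
  </file>
  <file path="util.c" language="c">
    <function name="copy_name" line="10">
      <doc>Copies the user name into a fixed buffer.</doc>
      <call name="strcpy" line="12"/>
      <call name="strlen" line="13"/>
    </function>
  </file>
</project>"""

# Per-language table of calls a reviewer should look at, with the reason.
DANGEROUS_CALLS = {
    "c": {"strcpy": "unbounded copy; pass a size limit (strncpy/strlcpy)"},
    "php": {"mysql_query": "raw SQL string; use prepared statements"},
}

def dangerous_calls_check(root):
    """Flag every <call> whose name is listed for the file's language."""
    findings = []
    for f in root.iter("file"):
        table = DANGEROUS_CALLS.get(f.get("language"), {})
        for call in f.iter("call"):
            reason = table.get(call.get("name"))
            if reason:
                findings.append((f.get("path"), int(call.get("line")),
                                 "dangerous-call", f"{call.get('name')}: {reason}"))
    return findings

def undocumented_check(root):
    """Flag every <function> that carries no <doc> child."""
    return [(f.get("path"), int(fn.get("line")), "undocumented",
             f"function {fn.get('name')} has no documentation")
            for f in root.iter("file") for fn in f.iter("function")
            if fn.find("doc") is None]

CHECKS = [dangerous_calls_check, undocumented_check]  # plug in more checks here

def run_checks(xml_text):
    """Run every registered check over the XML tree; return sorted findings."""
    root = ET.fromstring(xml_text)
    return sorted(x for check in CHECKS for x in check(root))
```

Each finding is a (path, line, check name, message) tuple, so `run_checks(SAMPLE_XML)` reports the undocumented PHP function, the raw `mysql_query` call and the C `strcpy` call while leaving `strlen` alone.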
Last modified: Tue Jul 29 02:29:42 PDT 2008