Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applicat...
Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need of something helping me in reviewing other people java source code. So Owasp Orizon born and grew up as security tool trying to parse Java source code, building an Abstract Syntax Tree and spot for unsafe calls in the code.
In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting PHP programming language but the initial boost disappeared. After being in love with other programming languages and technolgies, eight years later, in 2016 I kickstarted the project again from scratch.
Source code contains bugs and vulnerabilities. Owasp Orizon will help either application security specialists or developersto spot vulnerabilities in their code and to create security patches.
Owasp Orizon mission is to provide people an opensource tool, helping them in reviewing:
When you launch Owasp Orizon it will start unpkacing the target file if not a standalone .class file.
First security analysis stage is about vulnerabilities from third party libraries. Owasp Orizon will try to understand target package dependencies and than look for known security issues.
As knowledge base for third party library vulnerabilities, Owasp Orizon will support:
After this stage, Owasp Orizon will perform a walkthrough on Owasp TOP 10 security risks, using Apache BCEL library to disassemble java bytecode.
More a reminder than a real doc here
java -Dlog4j.configurationFile=./log4j2.xml -jar target/owasp-orizon-1.0-SNAPSHOT.jar
To be written