Wednesday 19 September 2012

Reply to 'I would like to help' request (with focus on SAST)

Here is the reply I sent today to a 'Hey how I can help/join/participate on the O2 Platform' question:

Hey .... , I would love to have you help (or join) the O2 Platform project, there are a lot of areas where you can help :)

To start I would ask you to focus on your C# skills and get your head around O2's REPL scripting environment, VisualStudio Plug-In and Cat.NET integration. We can move on to the Eclipse Plug-in later on.

I really think that we can change/improve the way developers consume Security Knowledge, and since you understand SAST and 'Static Analysis Technology', you can help me in the development of the next version of the Cat.NET VisualStudio Extension (for example: adding GUIs for the Rules, adding support for MVC Frameworks, adding support for 'offline/out-of-process' scans (on the same box or in the cloud), etc.)

Btw, have you seen/tried the real-time scanner PoCs? It is an amazing learning tool for security vulnerabilities.

All O2 source code is here: https://github.com/o2platform and there are tons of articles and blog posts at: http://o2platform.wordpress.com . Yes, O2 needs a new website with a much better structure :), I have the o2-platform.com domain for that purpose.

There is a mailing list at https://lists.owasp.org/mailman/listinfo/owasp-o2-platform , and although I'm thinking of moving it to Google Groups, that is the best place to ask questions (and meet the other O2 developers, collaborators and users).

Let me know where you would like to start,