Validation Testing Framework


This framework doesn't exist for the moment, but I want to use the codefest to begin working on the project.

The project is an addition to ESAPI, in a way.

So lets me explain it.

WHAT?


It's a framework that will help generate unit testing files, usually for Validator/Filter fonction.

Some config files will have differents tests, for differents datatype, and using a generator, it will produce testing using differents templates for differents unit testing framework.

So by exemple, we will produce date test for email, phone numbers, URL, ect.

Generator could do files for differents framework like jUnits, phpUnits, SimpleTest, phpt, lime...

So if a project, use phpUnits, and have a validator for email, it could generate test for it.

WHY?


So many validators or filters, have flaws, because programmers don't understand all concepts of a format, or concept of security, so many accept (ie for email) thing like :

The next two line are one attack line, with a return (or line jump) into it

to:

So now we have a header injection in a email.

or do you know that this address is valid?

me\@mysite.com@site.com

But how many validators will reject it? 80%? More?

WHO can help?


Anyone that is at least one of those :

  • You did a validator in any languages
  • You understand some formats that need validation
  • You're using a unit testing framework
  • You're a programmer
  • You're a Pen Tester
  • You would like to help on :
* Making the testing configuration (YAML)
* Making the unit testing template
* Making the generator (in PHP, but others languages implementations could be done after)
* Documentation

WHEN :


During CodeFest 3.0

A working prototype should be finish during this weekend. The framework will be offer to OWASP. I really want it to be a official project, but having prototype, and betters documentations will help.


Sponsored by:

Upcoming events

RSS feed Wiki RSS feed Forums RSS feed Calendars