Category:OWASProfiler Project

OWASProfiler will be an automated application profiling tool that can be used to assist with review scoping refinement. It will attempt to gauge the size and complexity of an application and utilize a standard ranking system specified in the Master's thesis "Metrics Standardization of Automated Application Profiling for Review Scoping Refinement" by Jeremy Ferragamo of Aspect Security (Towson University; Academic Advisor: Goran Trajkovski, PhD).

Goals
Provide a tool that can be used as an industry standard for gauging the size and complexity of applications based on a specified ranking system.

Overview
"A lack of standardized metrics for performing automated application profiling bears a direct correlation to frequently under-scoped review efforts. Although there are many dimensions to what constitutes an under-scoped effort for a particular institution or a particular type of review or maintenance effort, automated application profiling plays a crucial role in scoping. Independent of the resources available to that institution, a robust and non-disputable understanding of what is involved could help deter both the misallocation and under-allocation of available resources and funding. It should also be mentioned that without a standardized approach for determining the size and complexity of an application, clients run the risk of project reviews being over-scoped, resulting in excessive and unnecessary expenditures."

The framework specified in the thesis will be implemented, and incremental updates will be provided as more languages and technologies are supported in the analysis process.

Project Contributors
The OWASProfiler project is run by Jeremy Ferragamo of Aspect Security, Inc. He can be contacted at jeremy DOT ferragamo AT aspectsecurity.com. There are no OWASProfiler distributions yet, but they will be maintained on SourceForge. When completed, the OWASProfiler framework will make it extremely easy to support additional languages.

Timeline
August 2007: Projected completion date of Master's thesis with specification of the intended framework.

December 2007: Projected completion date of framework and initially supported language (Java).