OWASP O2 Platform/WIKI/O2 Supported Technologies

The following list represents the current O2 supported technologies and how they can be consumed by multiple O2 Modules.

Note that adding support for a new technology, tool or framework is usually quite an easy task (since there are numerous O2 APIs that can be easily reused or modified).

If you have a particular need please send a request to the O2 mailing list

Findings Creation

 * Open Source or Free Tools
 * O2 Tool CSharpScripts - download
 * Microsoft CAT.NET v1.0 (not the latest release)
 * FindBugs - download, see XSD and O2 object model
 * OWASP CodeCrawler - download, see XSD and O2 object model
 * WebScarab logs (original version, not the NG one) - download, see XSD and O2 object model


 * Require Paid-for license
 * Ounce 6.x (now called IBM AppScan Source Edition) - see XSD and O2 object mode
 * Ounce 7.x (now called IBM AppScan Source Edition) - see XSD and O2 object mode
 * IBM AppScan developer Edition -  see XSD and O2 object mode
 * Fortify (very basic support) - see XSD and O2 object mode

Cir Creation

 * Open Source or Free Tools
 * Using O2 Modules
 * .NET Framework Assemblies (*.dll, *.exe)
 * Java class files (*.class, *.jar. *.war)


 * Requiring Paid-for license
 * Ounce 6.x (now called IBM AppScan Source Edition)
 * .NET, Java, C/C++, VB6, ASP Classic and (under internal beta at the moment) PHP

Trigger Scans

 * Open Source or Free Tools
 * CAT.NET v1.0 (have not tested the latest release)
 * Requiring Paid-for license
 * Ounce 6.x (now called IBM AppScan Source Edition)

Framework Support

 * Spring Framework (MVC)
 * Struts