OWASP CAL9000 Project Roadmap

The project's overall goal is to provide a centralized framework for the organization and use of a variety of tools that can assist web application security testers with their manual testing efforts.

In the near term, we are focused on the following tactical goals:

 * Gathering user feedback.

Version History
Nov 16, 2006 - v2.0:
 * XSS Attacks Page:
 * Filter attacks by browser support
 * Create/edit/save/delete your own attacks
 * Display user-defined attacks in print-ready list
 * Expanded Regex functionality - Added show/replace/split on matches
 * Encoder/Decoder:
 * Added types md4 and sha1 (encode only)
 * Define Base64 special characters and padding character
 * HTTP Requests:
 * Added (almost) total control of request components
 * Quickly add request headers (single, by browser, by method)
 * Split/concatenate request parameters and get character count
 * Added AutoAttack feature (send multiple requests at once)
 * Quick encode request components (URL, hex, Unicode, Base64, md5)
 * Requests/responses saved to History file
 * Added History list navigation and functions (delete, print-ready)
 * HTTP Responses:
 * Displays target URL, response status codes, headers and body
 * Split out scripts, forms and cookies
 * Display request body in new window as it would appear in browser
 * Added History list navigation and functions (delete, print-ready)
 * String Generator:
 * Define character used for string generation
 * Testing Checklist:
 * Old testing checklist included as testing tips
 * Added true testing checklist - Create/edit/save/delete checklist items
 * AutoAttack List Editor:
 * Create/edit/save/delete attack lists and items
 * Display attack lists in print-ready format
 * Quick encode checklist items (URL, hex, Unicode, Base64, md5)

July 30, 2006 - v1.1:
 * Focus of this Release: Upgrade Encode/Decode function.
 * Added Uppercase check box
 * Added Trailing Character text field
 * Added Delimiter text field
 * Added Include Unselected Text check box
 * Added Wrappers
 * Added several Encoding/Decoding types
 * Added ability to Encode/Decode selected text only
 * Added Store/Restore functionality
 * Added Selected Text processing
 * Added Error/Informational Message functionality
 * String Generator can handle larger string sizes
 * Minor Bugfixes w/ URL Encoding
 * Minor Bugfixes w/ Save State processing

May 18, 2006 - v1.0.

Wish List

 * What features would you like to see added?