Fortify FVDL Files – First working Parser and Viewer for *.fvdl files
Following from the previous Fortify FVDL posts (here, here, here and here), here is a first working tool that is able to load up *.fvdl files, parse its relevant data into a new set of classes, and then visuzalize its contents into a number of tabs.
This is what the main GUI look like (after loading/dropping the 35Mb dspace.fvdl file):
On the left there is a PropertyGrid control that shows a view of the new O2 Fortify_Scan class, and on the right there is a TabControl with a number of Tab Pages (each containing a raw view of the classes created).
Here is what each of the tab pages looks like:
ScannedFiles
Contexts:
Descriptions
CalledWithNoDefs
Sinks
Sources
Snippets
Vulnerabilities
The next post will show what the updated API_Fortify looks like, and the code that was used to create this GUI
1 Comment »
Leave a Reply
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
[...] Here is the source code that create the environment/GUI/tool shown in the Fortify FVDL Files – First working Parser and Viewer for *.fvdl files post [...]