Inspekt Project funded by OWASP

I’m very, very excited to announce that OWASP has chosen to fund development of what I’m calling “Inspekt” as part of their OWASP Spring of Code 2007. You can read my full proposal at the OWASP SoC Application Page.

The idea behind Inspekt is to provide a comprehensive input filtering and validation library for PHP. Building upon Chris Shiflett’s original Zend_Filter_Input implementation, the primary new features will be:

  • Provide retrieval and filtering support for multidimensional arrays
  • Provide solutions for scoping issues (avoid the need for “global” keywords everywhere)
  • A variety of helper methods to reduce code verbosity
  • Block deprecated HTTP_*_VARS and other ways to grab input data without filtering
  • Auto-restrictions on input defined programmatically or via configuration files
  • Compatible with PHP4 and PHP5
  • Self contained; not reliant on external libraries
  • Able to work with a wide variety of frameworks and app architectures; easily “pluggable” into any given web app
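
The list above describes a wrapper pattern: input is copied into an object, the source array is emptied, and values come out only through validating accessors that accept a path into nested arrays. The sketch below is an added example, not code from this post or from Inspekt. The class name `InputCage`, its method names and the `/` path separator are assumptions, and it targets PHP 7.4 or later rather than the PHP4/PHP5 compatibility named in the list.

```php
<?php
// Hypothetical sketch: InputCage and its methods are illustrative names,
// not the Inspekt API.
final class InputCage
{
    private array $raw;

    private function __construct(array $raw)
    {
        $this->raw = $raw;
    }

    // Copy the source into the cage, then empty the source so later
    // code cannot read unfiltered values from it directly.
    public static function capture(array &$source): self
    {
        $cage = new self($source);
        $source = [];
        return $cage;
    }

    // Walk a "/"-separated path into a nested array; null when absent.
    private function find(string $path)
    {
        $node = $this->raw;
        foreach (explode('/', $path) as $key) {
            if (!is_array($node) || !array_key_exists($key, $node)) {
                return null;
            }
            $node = $node[$key];
        }
        return $node;
    }

    // Integer only when the stored value is a well-formed integer.
    public function getInt(string $path): ?int
    {
        $v = $this->find($path);
        if (!is_string($v) && !is_int($v)) {
            return null;
        }
        $r = filter_var($v, FILTER_VALIDATE_INT);
        return $r === false ? null : $r;
    }

    // String only when it is non-empty and purely alphanumeric.
    public function getAlnum(string $path): ?string
    {
        $v = $this->find($path);
        return (is_string($v) && ctype_alnum($v)) ? $v : null;
    }
}

// Constructed sample input standing in for $_POST.
$post = ['user' => ['name' => 'alice01', 'age' => '34', 'bio' => '<b>hi</b>']];
$input = InputCage::capture($post);
var_dump($input->getAlnum('user/name'), $input->getInt('user/age'),
         $input->getAlnum('user/bio'), $post);
```

Because the cage is passed around as an object, code that needs input receives it as an argument instead of reaching for a global, which is the scoping point in the list.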

At this point I’m not sure where exactly the project will be hosted during development. I want to at least have a browsable SVN repo, and some kind of mailing list. I’m in the middle of php|tek 2007 right now, but I expect this weekend I can sort more of the details out. I only have about two months to do this, so I need to get started!


  • Jacob
    05/29/2007 05:41:47 PM

    Congrats. It’s about time something like this came along. It seems like this is one of those things that everyone talks about and thinks is a good idea but no one actually implements it.