OWASP DEF - OWASP Data Exchange Format Project.
I decided to join this project because of my WASS project, and I wanted to keep the reporting process as simple as possible. But how to do that with 10 different XML formats? Well, do something about it and try to come up with a format that should suit everybody.
You can find out more about this project at the following sites.
OWASP DEF (Data Exchange Format Project)
`OWASP Data Exchange Format` - https://www.owasp.org/index.php/OWASP_Data_Exchange_Format_Project - http://code.google.com/p/owasp-def/
This is a draft project for the above, and this is WORK IN PROGRESS.
At the moment, exchanging data between pentest tools is far too difficult.
So ... the purpose of this project is to define a simple, open format for exchanging data between pentest tools!
Involvement is encouraged, so if you would like to contribute to this project then please join the mailing list (https://lists.owasp.org/mailman/listinfo/owasp-data-exchange-format) and / or contact one of the project leaders.
There's also a Google Code project (http://code.google.com/p/owasp-def/), which we're using to store things like example formats used by pentest products. Contact Simon or Dinis to get commit access to this project.
The format must be open, and licensed so that it can be adopted by all products, whether open, closed, free or commercial.
It must be as simple to adopt as possible, and ideally based on existing open formats.
The goal of this draft is to come up with a Data Exchange Format that should be able to hold almost any penetration test software output, whether this is Dynamic, Static, Information gathering or Attack / Brute force.
This is based on the initial work done by Simon Bennetts (Psiinon), Zed Attack Proxy Project Leader, and Dinis Cruz, O2 Platform Project Leader, and a lot of input from Dan Cornell and the guys behind ThreadFix and the SSVL format.
Further information can be found at the above links.
I fully intend on this format being a part of OWASP.
The reason this draft lives here is only out of convenience for me.