Any user can help with the project by providing feedback on ideas for new
features, false-positives, false-negatives, or bugs.
If you're interested in becoming more involved, below is a list of specific
areas that the project needs help with. Don't feel limited to the list; if you
have other ideas, let me know.
- Testing: Anyone can test Grendel just by using it, but more focused
testing is also needed. The main skill required is being able to write up a bug
report with reproducible details.
- Test targets: A big part of testing is identifying test targets that
anyone can (legally) test against. The simplest way is to use standardized
virtual machines. Virtual appliances for open-source web apps are very easy to
obtain, but that usually means PHP. Grendel obviously needs to be tested against
PHP, but also against .Net, J2EE, ColdFusion, etc.
Legality is important, so we can't just share commercially licensed software.
For .Net, Wine could be an option, as could
an install script that would let someone duplicate a test site on their own copy
of Windows. Smith might be an option
for ColdFusion, but I know very little about it.
- Documentation: The in-program help needs to be improved and a tutorial
needs to be written, especially for users who aren't very familiar with web
app security. Documentation in multiple languages would be nice too.
- Bug fixing: An in-depth knowledge of the application is not a prerequisite
to fix some bugs. This does require knowledge of Java; some bugs may require
knowledge of various libraries such as SWT.
- JUnit testing: Grendel really, really
needs an automated testing framework with code-coverage analysis. Requires
knowledge of Java and setting up unit testing.
- New features: There are a lot of new features on Grendel's roadmap. Most of
them require familiarity with Grendel's internal structure, but not all. This
requires a larger investment of time than the other items.