OWASP O2 Platform

Home Page
O2 is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.

Originally O2 (OunceOpen) originated from OunceLabs Advanced Research Team (ART) work, and aims to push to the limit the power of multiple Static Analysis engines.

These tools have been developed by Security Professionals FOR security professionals, and are designed to automate the security consultant's brain

NOTE: this OWASP section of O2 is still under very heavy construction, so for now, please see http://www.o2-ounceopen.com for the latest O2-related updates and downloads

What is O2

To gain a better understanding of "what is O2?" start with this presentation

Try O2!

Download the latest version of the Binaries, Installers or Source Code (from Files (Binaries, Source and Demos))


 * Binaries: _Bin_(O2_Binaries)
 * Source Code: _SourceCode

Or can install the most commonly used O2 Modulesdirectly from the web (using Click Once) at http://deploy.o2-ounceopen.com/:


 * O2_Tool_RulesManager - Powerful viewer and editor for Ounce's Rules
 * O2_Tool_FindingsViewer- Powerful Filter and Editor for Ozasmt files
 * O2_Tool_CirViewer- View and create (for .NET) CIR (Common Intermediate Representation) Objects
 * O2_Tool_SearchEngine- RegEx text search based GUI
 * O2_Tool_CSharpScripts- Edit and Debug c# Scripts
 * O2_Tool_DotNetCallbacksMaker- Automatically create Ounce Rules for .NET Callbacks
 * O2_Tool_FindingsQuery- Filter Ozasmt files using LAMDA like queries
 * O2_Tool_JavaExecution- Write O2 scripts in Java
 * O2_Tool_JoinTraces- Join traces (for example .NET and Web and Web Services layer)
 * O2_Tool_Python- Write O2 scripts in Python
 * O2_Tool_O2Scripts- O2 scripts editor (includes O2 Object Model)
 * O2_WebInspect(PoC of Integrating Ounce's & WebInspect's assessment data)

For demo files try these


 * O2 demo Pack 25_11_2008.zip
 * Updated version ofHacmeBank

Mailing list
You can join the O2 Platform Mailing list using this form or you can read its archives here. After being subscribed you can email this list using the owasp-o2-platform (at) lists.owasp.org email address