OWASP O2 Platform

NOTE: this OWASP section of O2 is still under very heavy construction, so for now, please see http://www.o2-ounceopen.com for the latest O2-related updates and downloads

Sub-Projects

 * OSSAD - One Security Static Analyzer per Developer

Supported Technologies

 * Spring Framework (MVC)

Mailing list, O2 Presentations
You can join the O2 Platform Mailing list using this form or you can read its archives here. After being subscribed you can email this list using the owasp-o2-platform (at) lists.owasp.org email address


 * OWASP AppSec DC Conference, USA (13-Nov-09) - "OWASP O2 Platform - Open Platform for automating application security knowledge and workflows", Dinis Cruz
 * In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.


 * OWASP AppSec Brazil Conference
 * OWASP AppSec Ireland
 * OWASP London Chapter
 * UK Developer Event (Microsoft Oxford Research Campus)
 * OWASP AppSec Poland Conference
 * Confidence Conference (Poland)