OWASP O2 Platform/WIKI/O2 Source Code

You can join the O2 Platform Mailing list using this form or you can read its archives here. After being subscribed you can email this list using the owasp-o2-platform (at) lists.owasp.org email address


 * OWASP AppSec DC Conference, USA (13-Nov-09) - "OWASP O2 Platform - Open Platform for automating application security knowledge and workflows", Dinis Cruz
 * In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.


 * OWASP AppSec Brazil Conference
 * OWASP AppSec Ireland
 * OWASP London Chapter
 * UK Developer Event (Microsoft Oxford Research Campus)
 * OWASP AppSec Poland Conference
 * Confidence Conference (Poland)