OWASP Store Sheep Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Store Sheep
OWASP Store Sheep is...

Introduction
Store Sheep is a training app for developers who want to learn to code a Windows Store ('Metro style') app securely, and for testers who want to learn to test one. It contains a number of security vulnerabilities, with explanations and fixes for them.

Description
Store Sheep (in line with the 'Goat' theme of WebGoat, RailsGoat, etc.; I thought it was about time we had a Sheep instead) is a training application for developers and testers. It takes the form of a pretend Windows Store app called 'A friend for Ewe', which is a dating agency for owners of pet sheep.

The purpose of Store Sheep is for developers and testers alike to learn where these apps resemble, and where they differ from, traditional Win32 and web applications, and how to build them to resist attack. A side benefit of this project will be for the community to learn more about how the certification process for a big app store works and the kinds of problems it does (and doesn't) find. I would imagine this would be relevant not only to Microsoft's Store but to Apple's and Google's as well.

Broadly the idea at this stage is to get a basic app and some documentation up and running quite quickly and then to refine it as time goes on.

Licensing
OWASP Store Sheep is free to use. It is licensed under the GNU GPL v3 license: you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon it, you distribute the resulting work only under the same or a similar license to this one.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is Store Sheep?
OWASP Store Sheep provides:


 * A Visual Studio project containing a JavaScript/HTML Windows Store app which can be sideloaded onto a development machine running Windows 8.1.

Project Leader
Marion McCune

 * valign="top" style="padding-left:25px;width:200px;" |

Email List
Project Email List

 * }

= Road Map and Getting Involved =

As of June 2014, the priorities are:

The application in its finished form will have three versions.


 * 1) This 'original' version contains a number of critical vulnerabilities, some of which will cause it to fail WACK (Windows Application Certification Kit). As such, if submitted to the Windows Store, it would be rejected by Microsoft. The associated documentation explains how to correct these problems and move it to version 2).
 * 2) This version passes WACK and may pass Microsoft's checks; however, it still contains a number of vulnerabilities, such as authorisation flaws, Web Service problems etc., which would make it a danger to its users' data if put live. The associated documentation explains how to find and fix these problems.
 * 3) This 'fixed' version of the application represents a safe (if not tremendously useful!) app which could pass through a web application penetration test without any significant findings.

Involvement in the development and promotion of Store Sheep is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * xxx
 * xxx

=Project About=