OWASP Web Testing Environment Project

Main
= Overview =



The OWASP WTE project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:


 * the Portugal release (Dec 12, 2008)
 * the AustinTerrier release (Feb 10, 2009)
 * the AppSec EU release (May, 2009)

In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.

Several mini-releases have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.

For historical purposes, the original application for the SoC is available here for the curious.

Screenshots of the current release!

The most recent presentation on the OWASP Live CD from AppSec EU 2009: (PPT)

= Project Goals =

The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.

The project has several other goals going forward:
 * 1) Provide a showcase for great OWASP tools and documentation
 * 2) Provide the best, freely distributable application security tools in an easy to use package
 * 3) Ensure that the tools provided are as easy to use as possible.
 * 4) Continue to add documentation and tools to the OWASP Live CD
 * 5) Continue to document how to use the tools and how the tool modules where created.
 * 6) Align the tools provided with the OWASP Testing Guide

There were also some design goals, particularly, this should be a live CD which is
 * easy for the users to keep updated
 * easy for the project lead to keep updated
 * easy to produce releases (I'm thinking quarterly releases going forward)
 * focused on just web application testing - not general Pen Testing.

(For general Pen Testing, the gold standard is Backtrack.)

Original SoC Goals are still available for the curious.

= Main Links =

These are links to mostly off-site information while the project migrates to this page:

Download Site

The following general documentation exists:


 * how I created the live CD
 * Using the Live CD / Tutorials(work in progress)
 * Forums for support and feature/tool requests