Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Pantera"

Line 3: Line 3:
 
'''Project Coordinator:''' Dinis Cruz
 
'''Project Coordinator:''' Dinis Cruz
  
'''Project Progress:''' xx% Complete - [[OWASP_Autumn_of_Code_2006_-_Projects:_Pantera_-_Progress|Progress Page]]
+
'''Project Progress:''' 1% Complete - [[OWASP_Autumn_of_Code_2006_-_Projects:_Pantera_-_Progress|Progress Page]]
  
 
== Background and Motivation ==
 
== Background and Motivation ==
Line 29: Line 29:
  
 
As described in OWASP AOC the deliverables are:
 
As described in OWASP AOC the deliverables are:
Mature and robust framework: The purpose of Pantera is to come up with a mature framework to perform application assessments where performance, portability and usability are key elements in the design.  
+
* Mature and robust framework: The purpose of Pantera is to come up with a mature framework to perform application assessments where performance, portability and usability are key elements in the design.  
Active Scanning Engine via a plug-in system: A complete vulnerability scanning engine in 3 phases (recon/spider, vulnerabilities, verify result)  
+
* Active Scanning Engine via a plug-in system: A complete vulnerability scanning engine in 3 phases (recon/spider, vulnerabilities, verify result)  
Automated Analysis Tools (Auth brute force, decompiler, etc.): Automated tools to perform repetitive tasks like authorization brute force, fuzzing, etc.  
+
* Automated Analysis Tools (Auth brute force, decompiler, etc.): Automated tools to perform repetitive tasks like authorization brute force, fuzzing, etc.  
Import data from well-known sources as Application Scanners and other Pentesting Proxies: Import all data into Pantera to replay attacks and/or correlate findings to obtain the best results possible.  
+
* Import data from well-known sources as Application Scanners and other Pentesting Proxies: Import all data into Pantera to replay attacks and/or correlate findings to obtain the best results possible.  
Charts and pie generation of analyzed data: Visual charts and pies to get a better picture of the vulnerabilities and obtained data from the assessment.  
+
* Charts and pie generation of analyzed data: Visual charts and pies to get a better picture of the vulnerabilities and obtained data from the assessment.  
Report generation with customization in different formats (HTML, XML, PDF, etc.): Generate report in different formats and able to customize to your taste.  
+
* Report generation with customization in different formats (HTML, XML, PDF, etc.): Generate report in different formats and able to customize to your taste.  
Improved Data Mining capabilities: Better data mining analysis.  
+
* Improved Data Mining capabilities: Better data mining analysis.  
Assessment Timeframe: Create a timeframe of the assessment.
+
* Assessment Timeframe: Create a timeframe of the assessment.
  
 
== Risks and Rewards ==  
 
== Risks and Rewards ==  
Line 42: Line 42:
 
'''Main Risks'''
 
'''Main Risks'''
  
Not being able to complete the project in time.
+
* Not being able to complete the project in time.
Monumental task for just one person.
+
* Monumental task for just one person.
  
 
'''Rewards of Successful Project'''
 
'''Rewards of Successful Project'''
  
Create a useful and professional project.
+
* Create a useful and professional project.
Contributing to OWASP and the community
+
* Contributing to OWASP and the community

Revision as of 04:50, 10 October 2006

AoC Candidate: Simon

Project Coordinator: Dinis Cruz

Project Progress: 1% Complete - Progress Page

Background and Motivation

History Behind Project

Pantera was developed out of necessity, to create an easy but powerful application assessment framework. Development of Pantera started at some point in 2005, using SpikeProxy as a baseline. Since then it has changed a lot, with many cool features added. Simon Roses Femerling, the main developer, donated Pantera to OWASP in August 2006.

Problem to be Addressed

Where to start! Even though Pantera has been used successfully in several assessments, it is far from finished. This project needs a lot of work and support from the community, as it is currently being developed by just one person. Several design issues have been identified and will be addressed in future versions.

Benefit to OWASP Members and Community

The benefit of Pantera is to provide a top-notch open source solution to perform professional application assessments.

Goals and Deliverables

Plan of Approach

Check out the Pantera Progress Page.

Deliverables

As described in OWASP AOC the deliverables are:

  • Mature and robust framework: The purpose of Pantera is to come up with a mature framework to perform application assessments where performance, portability and usability are key elements in the design.
  • Active Scanning Engine via a plug-in system: A complete vulnerability scanning engine in 3 phases (recon/spider, vulnerabilities, verify result)
  • Automated Analysis Tools (Auth brute force, decompiler, etc.): Automated tools to perform repetitive tasks like authorization brute force, fuzzing, etc.
  • Import data from well-known sources such as Application Scanners and other Pentesting Proxies: Import all data into Pantera to replay attacks and/or correlate findings to obtain the best results possible.
  • Charts and pie generation of analyzed data: Visual charts and pies to get a better picture of the vulnerabilities and obtained data from the assessment.
  • Report generation with customization in different formats (HTML, XML, PDF, etc.): Generate reports in different formats and customize them to your taste.
  • Improved Data Mining capabilities: Better data mining analysis.
  • Assessment Timeframe: Create a timeframe of the assessment.

Risks and Rewards

Main Risks

  • Not being able to complete the project in time.
  • Monumental task for just one person.

Rewards of Successful Project

  • Create a useful and professional project.
  • Contributing to OWASP and the community.