Difference between revisions of "OWASP Code Pulse Project"

From OWASP
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
Line 8: Line 8:
 
==OWASP Code Pulse Project==
 
==OWASP Code Pulse Project==
  
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. Code Pulse is a software tool, and as such will be delivered as downloadable software that users can run on their systems. Our intent is to be a cross-platform application that runs on Windows, OS X, and Linux.
+
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.
  
  
 
==Description==
 
==Description==
  
Please write a short introduction to the product here, Hassan.  
+
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.
 +
 
 +
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.
 +
 
 +
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing.  
  
  
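Review bot: In the rewritten intro line, "runs on most major platforms" is vaguer than the removed "Windows, OS X, and Linux"; if those three are still the supported targets, keep them named so readers can tell whether their platform is covered. In the new Description text, "will likely also work for desktop application" should read "desktop applications", "our current focus is in providing" should read "is on providing", and "In addition for testing activities" needs a comma after "In addition".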
Line 26: Line 30:
 
OWASP Code Pulse Project provides:
 
OWASP Code Pulse Project provides:
  
* xxx
+
* Real-time code coverage insight
* xxx
 
  
  
Line 44: Line 47:
 
== Related Projects ==
 
== Related Projects ==
  
* [[OWASP_CISO_Survey]]
+
* [[OWASP_Zed_Attack_Proxy_Project]]
  
  
Line 52: Line 55:
 
== Quick Download ==
 
== Quick Download ==
  
* Link to page/download
+
* [https://github.com/secdec/codepulse/releases Latest Release]
  
 
== Email List ==
 
== Email List ==
Line 82: Line 85:
  
 
|}
 
|}
 
=FAQs=
 
 
; Q1
 
: A1
 
 
; Q2
 
: A2
 
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 104: Line 99:
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
As of [https://www.owasp.org/index.php/Projects/OWASP_Code_Pulse_Project/Roadmap April 2014], the priorities are:
 
 
 
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.
 
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.
  
Our next planned release is version 1.1 that is currently planned for August 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.
+
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.
  
 
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:
 
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:
 
 
- .NET support
 
- .NET support
 
 
- Reporting
 
- Reporting
 
 
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state
 
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state
 
 
- Dependency Check integration
 
- Dependency Check integration
 
 
- ZAP plugin
 
- ZAP plugin
  
Involvement in the development and promotion of XXX is actively encouraged!
+
Involvement in the development and promotion of Code Pulse is actively encouraged!
 
You do not have to be a security expert in order to contribute.
 
You do not have to be a security expert in order to contribute.
 +
 
Some of the ways you can help:
 
Some of the ways you can help:
* xxx
+
* Code contributions
* xxx
+
* Testing
 +
* Wiki documentation
 +
* Spreading the word about the project!
  
 
   
 
   
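Review bot: The long-term feature list kept as context in this hunk ("- .NET support", "- Reporting", "- Trace playback ...", "- Dependency Check integration", "- ZAP plugin") uses leading hyphens, which MediaWiki does not treat as list markup, so the items run together into one paragraph in the rendered revision. Switch them to "*" bullets, matching the new "Some of the ways you can help:" list added in the same hunk.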

Revision as of 15:32, 16 April 2014


OWASP Code Pulse Project

The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.


Description

Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.

Code Pulse presents the coverage information in a visual form to make it easy to understand at a glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition, for testing activities relying on multiple techniques (a variety of dynamic analysis tools, for instance), it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or, alternatively, to view where the coverage overlaps between multiple tools.

Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach, we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop applications, our current focus is on providing the best experience for web application testing.


Licensing

OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License.

What is OWASP Code Pulse Project?

OWASP Code Pulse Project provides:

  • Real-time code coverage insight


Presentation

Link to presentation



Project Leader

Hassan Radwan


Related Projects


Quick Download

Email List

Project Email List

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

This project can be purchased as a print on demand book from Lulu.com



Volunteers

OWASP Code Pulse is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx

Others

  • xxx
  • xxx

The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.

Our next release, version 1.1, is currently planned for later in 2014. Despite our best efforts, we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has had a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.

Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:

  • .NET support
  • Reporting
  • Trace playback to see the sequence of the coverage as opposed to just seeing the end state
  • Dependency Check integration
  • ZAP plugin

Involvement in the development and promotion of Code Pulse is actively encouraged! You do not have to be a security expert in order to contribute.

Some of the ways you can help:

  • Code contributions
  • Testing
  • Wiki documentation
  • Spreading the word about the project!