Difference between revisions of "OWASP Code Pulse Project"

From OWASP
Jump to: navigation, search
m (Announce Code Pulse 2.6.1)
 
(21 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
=Main=
 
=Main=
 +
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
  
 
==About Code Pulse==
 
==About Code Pulse==
Line 12: Line 13:
 
==How it works==
 
==How it works==
  
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop applications, our current focus is in providing the best experience for web application testing.  
+
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach. Code Pulse currently supports Java programs, up to Java 11, and .NET Framework programs for CLR versions 2 and 4. It can track code coverage details at the method or source code level to show what's being called and when. Although Code Pulse works for desktop applications, our current focus is on providing the best experience for web application testing. Code Pulse 2.6 incorporates the [https://www.owasp.org/index.php/OWASP_Attack_Surface_Detector_Project OWASP Attack Surface Detector] and helps you see code coverage details for the endpoints of a web application.
  
 
==Why Code Pulse?==
 
==Why Code Pulse?==
Line 18: Line 19:
 
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.
 
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.
  
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.
+
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance), it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or to view where the coverage overlaps between multiple tools.
  
 
==Licensing==
 
==Licensing==
Line 24: Line 25:
 
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License.  
 
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License.  
  
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
+
| style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
  
 
== Quick Links ==
 
== Quick Links ==
 
* [http://code-pulse.com Code Pulse Website]
 
* [http://code-pulse.com Code Pulse Website]
* [https://github.com/secdec/codepulse/releases Download Latest Release]
+
* [https://github.com/codedx/codepulse/releases Download Latest Release]
* [https://github.com/secdec/codepulse/wiki Documentation]
+
* [https://github.com/codedx/codepulse/wiki Documentation]
* [https://github.com/secdec/codepulse Github Project Page]
+
* [https://github.com/codedx/codepulse Github Project Page]
  
 
== News and Events ==
 
== News and Events ==
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]
+
* <span style="background: #66CCFF; font-size:85%;padding:2px;">04 Jan 2019</span> [https://github.com/codedx/codepulse/releases/tag/v2.6.1 Version 2.6.1 is out!]
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]
+
* <span style="background: #66CCFF; font-size:85%;padding:2px;">12 Nov 2018</span> [https://github.com/codedx/codepulse/releases/tag/v2.6.0 Version 2.6.0 is out!]
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]
+
* <span style="background: #66CCFF; font-size:85%;padding:2px;">08 Aug 2018</span> [https://github.com/codedx/codepulse/releases/tag/v2.5.0 Version 2.5.0 is out!]
  
 
== Contact Us ==
 
== Contact Us ==
* [https://twitter.com/secdec @secdec]
+
Project Leader: Ken Prole
* [mailto:codepulse@securedecisions.com Email us]
+
 
* [https://github.com/secdec/codepulse/issues Create an issue]
+
Email: [mailto:ken.prole@codedx.com ken.prole@codedx.com]
 +
* [https://twitter.com/codedx @CodeDx]
 +
* [mailto:support@codedx.com Email us]
 +
* [https://github.com/codedx/codepulse/issues Create an issue]
 
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]
 
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]
  
 
== Related Projects ==
 
== Related Projects ==
  
 +
* [[OWASP Attack Surface Detector Project]]
 
* [[OWASP Zed Attack Proxy Project]]
 
* [[OWASP Zed Attack Proxy Project]]
 
* [[OWASP Dependency Check]]
 
* [[OWASP Dependency Check]]
Line 52: Line 57:
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
   | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
+
   | rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
   | align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]   
+
   | width="50%" valign="top" align="center" | [[File:Owasp-breakers-small.png|link=]]   
 
   |-
 
   |-
   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
+
   | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]
+
   | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]
 
   |}
 
   |}
  
Line 65: Line 70:
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].
+
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then, we've pushed out multiple versions to address some usability issues and to include support for Java 11, .NET Framework applications, an [[OWASP Dependency Check]] integration, and code coverage details at the source code level.
  
 
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:
 
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:
- .NET support
+
 
 +
- Web request filter
 +
 
 
- Performance improvements
 
- Performance improvements
- Block level coverage instead of the current method level support
 
- Reporting
 
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state
 
- ZAP integration
 
  
 
Involvement in the development and promotion of Code Pulse is actively encouraged!
 
Involvement in the development and promotion of Code Pulse is actively encouraged!
 +
 
You do not have to be a security expert in order to contribute.
 
You do not have to be a security expert in order to contribute.
  
Line 84: Line 88:
 
* Spreading the word about the project!
 
* Spreading the word about the project!
  
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.
+
Visit the [https://github.com/codedx/codepulse Code Pulse GitHub project page] to see the source.
  
 
= Sponsors =
 
= Sponsors =
  
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].
+
Code Pulse is maintained and developed by [https://codedx.com/ Code Dx].
  
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.
+
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract numbers FA8750-12-C-0219 and HHSP233201600058C.
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]

Latest revision as of 14:19, 4 January 2019

Lab big.jpg

About Code Pulse

The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.

Codepulse-screenshot.png

How it works

Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach. Code Pulse currently supports Java programs, up to Java 11, and .NET Framework programs for CLR versions 2 and 4. It can track code coverage details at the method or source code level to show what's being called and when. Although Code Pulse works for desktop applications, our current focus is on providing the best experience for web application testing. Code Pulse 2.6 incorporates the OWASP Attack Surface Detector and helps you see code coverage details for the endpoints of a web application.

Why Code Pulse?

Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.

Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance), it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or to view where the coverage overlaps between multiple tools.

Licensing

OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License.

Quick Links

News and Events

Contact Us

Project Leader: Ken Prole

Email: ken.prole@codedx.com

Related Projects

Classifications

New projects.png Owasp-breakers-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg

The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then, we've pushed out multiple versions to address some usability issues and to include support for Java 11, .NET Framework applications, an OWASP Dependency Check integration, and code coverage details at the source code level.

Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:

- Web request filter

- Performance improvements

Involvement in the development and promotion of Code Pulse is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

  • Code contributions
  • Testing
  • Wiki documentation
  • Spreading the word about the project!

Visit the Code Pulse GitHub project page to see the source.

Code Pulse is maintained and developed by Code Dx.

Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract numbers FA8750-12-C-0219 and HHSP233201600058C.