Difference between revisions of "OWASP DHS SWA Day 2010 OWASP WTE"

From OWASP
Jump to: navigation, search
Line 9: Line 9:
 
== The speaker  ==
 
== The speaker  ==
  
A speaker Bio for Matt Tesauro will be posted shortly.
+
[http://www.owasp.org/index.php/User:Mtesauro Matt Tesauro's Bio]
  
 
== Notes ==
 
== Notes ==

Revision as of 14:42, 5 October 2010

The presentation

Owasp logo normal.jpg
A presentation about the OWASP Web Testing Environment, previously the OWASP Live CD.

This presentation is given as part of OWASP Software Assurance Day at the | 13th Annual Software Assurance Forum.

Download the presentation

The speaker

Matt Tesauro's Bio

Notes

OWASP Live CD Education Project

The OWASP Live CD is an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by OWASP Spring Of Code 2007 and Security Distro (Assessment Criteria v1.0)

It’s hard to be a tester if you have never been a developer. The goal of the CD was originally to create a ready-made environment in which to perform testing. The CD showcases great tools and contains not only OWASP tools.

The design goals include being easy to keep users up to date while being easy to update.There were gaps between the tools and the testing guides. The goal is to keep them aligned.

The OWASP Web Testing Environment (WTE) is the new name of the DVD which includes 26 significant tools. WTE also includes Firefox security add-ons, OWASP documents, a Top 10 risks list, VM software, and many other. WTE is also used as an education tool. The Webgoat tool is already being used for training classes.

WTE consists of more tools focused on developing instead of testing focused; there are more tools available via a repository for packages. Each tool will now automatically install dependent tools. WTE now runs on Ubuntu and each tool has its own Debian package. You can mix and match packages for only what you need to use. Some new features to be added in future versions are virtual installs, USB bootable install, customized versions of WTE via a la carte builds.