Difference between revisions of "OWASP O2 Platform"

 
(86 intermediate revisions by 13 users not shown)
Line 1: Line 1:
'''NOTE: this OWASP section of O2 is still under very heavy construction, so for now, please see  http://www.o2-ounceopen.com for the latest O2-related updates and downloads'''
+
=Main=
  
==== Home Page ====
+
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>
  
'''What is O2'''
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
O2 is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile. The objective is to 'Automate Application Security Knowledge and Workflows"
+
==OWASP O2 Platform==
  
To gain a better understanding of "what is O2?" start with this presentation "[http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf What is the OWASP O2 Platform]" and then read this presentation "[http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/O2%20Modules%20Presentation%20V1.0.pdf OWASP O2 Platform Modules]"
+
Collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.
  
'''History'''
+
==Introduction==
  
Originally O2 (OunceOpen) originated from OunceLabs Advanced Research Team (ART) work, and aims to push to the limit the power of multiple Static Analysis engines.
+
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security tests and scripts.  
  
These tools have been developed by Security Professionals FOR security professionals, and are designed to automate the security consultant's brain
+
O2 is designed to '''Automate Security Consultants Knowledge and Workflows''' and to '''Allow non-security experts to access and consume Security Knowledge'''
  
'''External (to OWASP) O2 website'''
+
==Description==
 +
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
  
O2 has a sister (to OWASP) website which contains additional documentation, downloads and O2-related blogs: http://www.o2-ounceopen.com
+
O2 can also be a very powerful prototyping and fast-development tool for .NET. For more details on the O2 Platform see  http://o2platform.wordpress.com website which currently being used to host the help files and documentation pages.
  
  
'''Try O2!'''
+
==Licensing==
 +
OWASP O2 Platform is free to use. It is licensed under the Apache License, version 2.0.
  
Download the latest version of the Binaries, Installers or Source Code (from Files (Binaries, Source and Demos))
 
  
* Binaries: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_Bin_O2_Binaries%20%2009-Nov-09.zip _Bin_(O2_Binaries) 09-Nov-09.zip]
+
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
* Source Code: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip _SourceCode_O2 09-Nov-09.zip]
 
* MSI Installers: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip _O2_Installers 09-Nov-09.zip]
 
  
Or can install the most commonly used O2 Modulesdirectly from the web (using Click Once) at http://deploy.o2-ounceopen.com/:
+
== What is O2 Platform? ==
  
* [http://deploy.o2-ounceopen.com/O2_Tool_XRules/O2 Tool - XRules] - O2's eXtended rules environment which allows the execution and edition of complex security analysis workflows
+
OWASP O2 Platform provides:
* [http://deploy.o2-ounceopen.com/O2_Cmd_SpringMvc O2 Tool - SpringMVC] - Support for Spring's Framework MVC
 
* [http://deploy.o2-ounceopen.com/O2_Tool_RulesManager/ O2 Tool - RulesManager] - Powerful viewer and editor for Ounce's Rules
 
* [http://deploy.o2-ounceopen.com/O2_Tool_FindingsViewer/ O2_Tool_FindingsViewer] - Powerful Filter and Editor for Ozasmt files
 
* [http://deploy.o2-ounceopen.com/O2_Tool_CirViewer/ O2_Tool_CirViewer] - View and create (for .NET) CIR (Common Intermediate Representation) Objects
 
* [http://deploy.o2-ounceopen.com/O2_Tool_SearchEngine/ O2_Tool_SearchEngine] - RegEx text search based GUI
 
* [http://deploy.o2-ounceopen.com/O2_Tool_CSharpScripts/ O2_Tool_CSharpScripts] - Edit and Debug c# Scripts
 
* O2_Tool_DotNetCallbacksMaker- Automatically create Ounce Rules for .NET Callbacks
 
* [http://deploy.o2-ounceopen.com/O2_Tool_FindingsQuery/ O2_Tool_FindingsQuery] - Filter Ozasmt files using LAMDA like queries
 
* [http://deploy.o2-ounceopen.com/O2_Tool_JavaExecution/ O2_Tool_JavaExecution] - Write O2 scripts in Java
 
* [http://deploy.o2-ounceopen.com/O2_Tool_JoinTraces/ O2_Tool_JoinTraces] - Join traces (for example .NET and Web and Web Services layer)
 
* [http://deploy.o2-ounceopen.com/O2_Tool_Python/ O2_Tool_Python] - Write O2 scripts in Python
 
* [http://deploy.o2-ounceopen.com/O2_Tool_O2Scripts/ O2_Tool_O2Scripts] - O2 scripts editor (includes O2 Object Model)
 
* O2_WebInspect(PoC of Integrating Ounce's & WebInspect's assessment data)
 
  
 +
'''Requirements:'': Windows and .NET Framework 3.5 for the main apis and 4.5 for the installer
  
For demos try these
+
'''Source code''': The source code for the O2 Platform is available for download at GitHub:
  
* [http://www.o2-ounceopen.com/files-binaries-source-and-demo/files-for-o2-demostests/O2%20demo%20Pack%20-%2025%20Nov.zip O2 demo Pack 25_11_2008.zip]
+
'''Git Hub repositories'''
* [http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html Updated version of HacmeBank]
+
* FluentSharp: https://github.com/o2platform/O2.FluentSharp
* [http://deploy.o2-ounceopen.com/_AppsToScan/ Apps To Scan (directory)]
+
* O2 Platform Scripts: https://github.com/o2platform/O2.Platform.Scripts
* [http://deploy.o2-ounceopen.com/DemoFiles/ Demo files (directory)]
+
* O2 Platform Projects: https://github.com/o2platform/O2.Platform.Projects
* [http://deploy.o2-ounceopen.com/forStudentVM/ External tools (usually used when building Test environments or Student VMs)
+
* Misc and Legacy projects: https://github.com/o2platform/O2.Platform.Projects.Misc_and_Legacy
  
==== Sub-Projects ====
+
== Presentation ==
  
* [[OWASP O2 Platform/Sub-Projects/OSSAD| OSSAD - One Security Static Analyzer per Developer]]
+
[http://www.slideshare.net/DinisCruz/owasp-o2-platform-november-2010 Owasp O2 Platform ] - Automating Security Knowledge through Unit Tests
  
 +
== Project Leader ==
  
==== Supported Technologies ====
+
[mailto:dinis.cruz@owasp.org Diniz Cruz]
  
* [[OWASP O2 Platform/Spring Framework/MVC|Spring Framework (MVC)]]
+
== Ohloh (OpenHub) ==
  
==== Mailing list, O2 Presentations ====
+
see https://www.openhub.net/p/o2platform
  
You can join the O2 Platform Mailing list [https://lists.owasp.org/mailman/listinfo/owasp-o2-platform using this form] or you can read its [https://lists.owasp.org/mailman/listinfo/owasp-o2-platform archives here]. After being subscribed you can email this list using the owasp-o2-platform (at) lists.owasp.org email address
+
| valign="top"  style="padding-left:25px;width:200px;" |
  
* OWASP AppSec DC Conference, USA (13-Nov-09) - "OWASP O2 Platform - Open Platform for automating application security knowledge and workflows", Dinis Cruz
+
== Quick Download ==
:''In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.''
+
'''May 2016 - v6.0''':  [https://bintray.com/o2-platform/Main-Exe/download_file?file_path=O2+Platform+Installer+v6.0.msi O2 Platform installer v6.0] - this is a windows msi installer which requires admin privs
* OWASP AppSec Brazil Conference
 
* OWASP AppSec Ireland
 
* OWASP London Chapter
 
* UK Developer Event (Microsoft Oxford Research Campus)
 
* OWASP AppSec Poland Conference
 
* Confidence Conference (Poland)
 
  
 +
'''April 2013 - v5.5''':  [https://bintray.com/o2-platform/Main-Exe/download_file?file_path=O2_Platform_5.5_RC1.zip O2 Platform - Main O2 Gui] - this is a '''Windows Stand-Alone exe''' which will create a number of folders on first load (dependencies and temp files)
  
==== O2 on Twitter ====
+
== Email List ==
  
<!-- Twitter Box -->
+
[https://groups.google.com/a/owasp.org/forum/#!forum/o2-platform OWASP O2 Platform Mailing list]
  
{|
+
== News and Events ==
|-
+
* 2013/Nov/8 : Webinar "Using the O2 Platform to Automate Application Security Knowledge and Workflows"
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
+
* 2013/Jul/20: Released version 5.3 of the [https://o2platform.googlecode.com/files/O2%20Platform%20-%20Main%20O2%20Gui%20v5.3.exe O2 Platform main GUI]
Use the '''[http://search.twitter.com/search?q=O2Platform O2Platform]''' hashtag for your tweets
+
* 2013/Feb/8 : Released version 5.1 of the [http://o2platform.googlecode.com/files/O2%20Platform%20-%20Main%20O2%20Gui%20v5.1.exe O2 Platform main GUI]
 +
* 2013/Feb/8 : Helped [[UK]] Chapters to visualize its locations: [http://blog.diniscruz.com/2013/02/o2-script-to-create-google-static-map.html O2 Script to create Google Static map with OWASP UK Chapter locations]
  
'''O2Platform Twitter Feed ([http://twitter.com/O2Platform follow us on Twitter!])''' <twitter>O2Platform</twitter>
+
== In Print ==
 +
 
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Midlevel projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
  
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
 
|}
 
|}
  
<!-- End Banner -->
+
=Downloads=
 +
 
 +
'''May 2016 - v6.0''':  [https://bintray.com/o2-platform/Main-Exe/download_file?file_path=O2+Platform+Installer+v6.0.msi O2 Platform installer v6.0] - this is a windows msi installer which requires admin privs
 +
 
 +
'''April 2013 - v5.5''':  [https://bintray.com/o2-platform/Main-Exe/download_file?file_path=O2_Platform_5.5_RC1.zip O2 Platform - Main O2 Gui] - this is a '''Windows Stand-Alone exe''' which will create a number of folders on first load (dependencies and temp files)
 +
 
 +
All download files are hosted at BinTray: https://bintray.com/o2-platform
 +
 
 +
 
 +
 
 +
<!-- hiding the ones below since they need work done
 +
 
 +
=FAQs=
 +
 
 +
; Q1
 +
: A1
 +
 
 +
; Q2
 +
: A2
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
O2 Platform is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* xxx
 +
* xxx
 +
 
 +
==Others==
 +
* xxx
 +
* xxx
 +
 
 +
= Road Map and Getting Involved =
 +
As of July, the priorities are:
 +
* xxx
 +
* xxx
 +
* xxx
 +
 
 +
Involvement in the development and promotion of O2 Platform is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* xxx
 +
* xxx
  
==== Project Details  ====
+
-->
  
{{:OWASP O2 Platform Project - Project Identification}}
+
=Project About=
 +
{{:Projects/OWASP O2 Platform Project | Project About}}  
  
 +
__NOTOC__ <headertabs />
  
[[Category:OWASP_O2_Platform]]
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]][[Category:SAMM-CR-2]]

Latest revision as of 04:01, 16 June 2016


OWASP O2 Platform

Collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.

Introduction

The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security tests and scripts.

O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.

Description

The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.

O2 can also be a very powerful prototyping and fast-development tool for .NET. For more details on the O2 Platform, see the http://o2platform.wordpress.com website, which is currently being used to host the help files and documentation pages.


Licensing

OWASP O2 Platform is free to use. It is licensed under the Apache License, version 2.0.


What is O2 Platform?

OWASP O2 Platform provides:

Requirements: Windows and .NET Framework 3.5 for the main APIs and 4.5 for the installer

Source code: The source code for the O2 Platform is available for download at GitHub:

GitHub repositories

Presentation

Owasp O2 Platform - Automating Security Knowledge through Unit Tests

Project Leader

Dinis Cruz

Ohloh (OpenHub)

see https://www.openhub.net/p/o2platform

Quick Download

May 2016 - v6.0: O2 Platform installer v6.0 - this is a Windows MSI installer which requires admin privileges

April 2013 - v5.5: O2 Platform - Main O2 Gui - this is a Windows Stand-Alone exe which will create a number of folders on first load (dependencies and temp files)

Email List

OWASP O2 Platform Mailing list

News and Events

In Print

Classifications


May 2016 - v6.0: O2 Platform installer v6.0 - this is a Windows MSI installer which requires admin privileges

April 2013 - v5.5: O2 Platform - Main O2 Gui - this is a Windows Stand-Alone exe which will create a number of folders on first load (dependencies and temp files)

All download files are hosted at BinTray: https://bintray.com/o2-platform



PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP O2 Platform Project (home page)
Purpose: Collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.

NOTE: most of the O2 Platform content is still on the external website
www.o2platform.com

License: Apache License, Version 2.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
O2 Platform v4.0 beta - 04/April/2012 - (download)
Release description: N/A
Rating: Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases