Difference between revisions of "OWASP Tiger"

From OWASP
Jump to: navigation, search
Line 6: Line 6:
 
* '''Allow for easy sharing and reuse of tests.''' You can save your test projects, send them to other Tiger users and even create templates that new Tiger projects can be based upon.
 
* '''Allow for easy sharing and reuse of tests.''' You can save your test projects, send them to other Tiger users and even create templates that new Tiger projects can be based upon.
  
Tiger's Condition Editor
+
''Tiger's Condition Editor''
 +
 
 
[[Image:add_condition_complete.png]]
 
[[Image:add_condition_complete.png]]
  

Revision as of 20:52, 7 February 2007

OWASP Tiger is a Windows application originally intented to be used for automating the process of testing variuous known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested.

Contents

Goals

Tiger's goals are quite simple:

  • Provide a simple way to create HTTP or HTTPS requests. You can define these using a very simple to use GUI.
  • Provide a simple, but flexible way of analyzing the responses automatically. You can define sets of rules that are to be applied to responses using a user friendly conditioin editor.
  • Allow for easy sharing and reuse of tests. You can save your test projects, send them to other Tiger users and even create templates that new Tiger projects can be based upon.

Tiger's Condition Editor

Add condition complete.png

Download

Tiger is not yet available for download.

User Manual

Tiger user manual is available here.

Future Development

Hopefully, the future development of OWASP Tiger will be twofold:

  • Tiger itself (for example, cookie support)
  • Project templates for various well known Web applications (i.e. your favorite portal, forum, blog etc.)