Difference between revisions of "OWASP Web Testing Environment Project"

From OWASP
(Major update of page - first draft to correct the redirect to OWASP Live CD)
(First pass at a re-write of the OWASP WTE project page)
Line 4: Line 4:
 
[[Category:OWASP Release Quality Tool]]
 
[[Category:OWASP Release Quality Tool]]
 
[[Category:OWASP Live CD Project]]
 
[[Category:OWASP Live CD Project]]
 
==== Main ====
 
  
 
= Overview =
 
= Overview =
Line 11: Line 9:
 
[[Image:cdCoverLiveCDView.png|frame|Live CD Cover]]
 
[[Image:cdCoverLiveCDView.png|frame|Live CD Cover]]
  
The OWASP WTE project was originally started to update the previous [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2007_Project OWASP Live CD 2007].  The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC releaseSince the completion of the SoC, the project has made the following releases:
+
The OWASP WTE project is an enhancement of the original [https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD Project] and expands the offering from a static Live CD ISO image to a collection of sub-projectsIts primary goal is to
  
* the Portugal release (Dec 12, 2008) 
+
<blockquote>Make application security tools and documentation easily available and easy to use</blockquote>
* the AustinTerrier release (Feb 10, 2009)
+
* the AppSec EU release (May, 2009)
+
  
In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.
+
At its heart, it is a collection of easy to use Application Security Tools and Documentation. WTE has a variety of ways to distribute them:
 +
* Virtual Machines for VMware, VirtualBox and Parallels
 +
* Invidividual Debian packages (.deb) which attempt to be Linux disto agnostic. 
 +
** Tested against Ubuntu, Debian, Mint, Kali, etc.
 +
* A bootable ISO image
 +
* Hosted on various Cloud providers
 +
* Ala Carte mix-and-match installations for special purposes
  
Several mini-releases have sprung from this project.  Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC.  These are either downloadable files or instructions on how to create the alternate delivery mechanisms.
 
  
 +
The project is focused at provding a ready environment for testers, developers or trainers to learn, enhance, demonstrate or use their application security skills.  Its been an active OWASP project since 2008 and has had over 300,000 downloads.
  
 +
Beyond the collection of tools from OWASP and other security projects, OWASP WTE has begun producing and including its own security tools, especially where there were no existing tools which fit a particular need.
  
For historical purposes, the original application for the SoC is available [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project here] for the curious.
 
 
'''[http://appseclive.org/content/ScreenShots Screenshots] of the current release!'''
 
 
The most recent presentation on the OWASP Live CD from AppSec EU 2009: ([http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt PPT])
 
  
 
= Project Goals =
 
= Project Goals =
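Review bot: the added overview text has spelling and grammar slips that will show on the live page: "Invidividual" and "disto" in the Debian packages bullet, and "provding", "Its been" and "focused at" (should be "focused on") in the paragraph after the list. The "over 300,000 downloads" figure is also stated without a source; a link to the download statistics would let readers check it.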
Line 41: Line 39:
 
# Align the tools provided with the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]  
 
# Align the tools provided with the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]  
  
There were also some design goals, particularly, this should be a live CD which is
+
There were also some design goals, particularly, this should be an environment which is
 
* easy for the users to keep updated
 
* easy for the users to keep updated
 
* easy for the project lead to keep updated
 
* easy for the project lead to keep updated
* easy to produce releases (I'm thinking quarterly releases going forward)
+
* easy to produce releases  
 
* focused on just web application testing - not general Pen Testing.   
 
* focused on just web application testing - not general Pen Testing.   
  
(For general Pen Testing, the gold standard is [http://www.remote-exploit.org/backtrack.html Backtrack].)
+
(For general Pen Testing, the gold standard is [http://www.kali.org/ Kali Linux].)
  
 
[http://mtesauro.com/livecd/index.php?title=Original_SoC_Goals Original SoC Goals] are still available for the curious.
 
[http://mtesauro.com/livecd/index.php?title=Original_SoC_Goals Original SoC Goals] are still available for the curious.
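Review bot: the replacement Kali link in the parenthetical is plain http ("http://www.kali.org/"), while the OWASP Live CD Project link added in the overview of this same revision uses https; using https here too would keep the external links consistent. Removing "(I'm thinking quarterly releases going forward)" also leaves the "easy to produce releases" goal with no stated cadence, so consider saying whether releases are still planned on a schedule.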
Line 53: Line 51:
 
= Main Links =
 
= Main Links =
  
These are links to mostly off-site information while the project migrates to this page:<br />
+
These are links to mostly off-site information while the project migrates more content to this page:<br />
 
<br />
 
<br />
<b>[http://appseclive.org/downloads/ Download Site]</b><br />
+
<b>[http://www.appseclive.org/downloads/ Download Site]</b><br />
  
 +
Current project source is at [http://code.google.com/p/owasp-wte/ Google Code]<br>
 +
GitHub repository will be at https://github.com/mtesauro/owasp-wte
 +
A migration to GitHub is in process - expected to be complete during May 2014.
  
 +
<!-- These need updating
 
The following general documentation exists:<br />
 
The following general documentation exists:<br />
 
*[http://appseclive.org/content/making-owasp-live-cd-using-slax how I created the live CD]
 
*[http://appseclive.org/content/making-owasp-live-cd-using-slax how I created the live CD]
 
*[http://appseclive.org/content/owasp-live-cd-tutorials Using the Live CD / Tutorials(work in progress)]
 
*[http://appseclive.org/content/owasp-live-cd-tutorials Using the Live CD / Tutorials(work in progress)]
 
*[http://appseclive.org/forum Forums for support and feature/tool requests]
 
*[http://appseclive.org/forum Forums for support and feature/tool requests]
 +
-->
 +
 +
= Project history =
 +
 +
The OWASP WTE project was originally started to update the previous [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2007_Project OWASP Live CD 2007].  The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release.  Since the completion of the SoC, the project has made the following releases:
 +
 +
* the Portugal release (Dec 12, 2008) 
 +
* the AustinTerrier release (Feb 10, 2009)
 +
* the AppSec EU release (May, 2009)
 +
 +
In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.
 +
 +
Several mini-releases have sprung from this project.  Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC.  These are either downloadable files or instructions on how to create the alternate delivery mechanisms.
 +
 +
 +
For historical purposes, the original application for the SoC is available [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project here] for the curious.
 +
 +
<!-- Wow, this is out of date
 +
The most recent presentation on the OWASP Live CD from AppSec EU 2009: ([http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt PPT])
 +
-->
  
 
<!-- ==== Project Identification 1.0 ====
 
<!-- ==== Project Identification 1.0 ====
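Review bot: in the added Main Links lines, the Google Code line ends with "<br>" where the rest of the section uses "<br />", and the GitHub line has no break at all, so it will run straight into the "A migration to GitHub is in process" sentence when rendered. The phrase "expected to be complete during May 2014" will go stale once the month passes, so it needs a follow-up edit or a less date-bound wording. The text moved under "Project history" also still says "Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available", which reads as present-day status under a history heading.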

Revision as of 15:17, 1 May 2014



Live CD Cover

The OWASP WTE project is an enhancement of the original OWASP Live CD Project and expands the offering from a static Live CD ISO image to a collection of sub-projects. Its primary goal is to

Make application security tools and documentation easily available and easy to use

At its heart, it is a collection of easy to use Application Security Tools and Documentation. WTE has a variety of ways to distribute them:

  • Virtual Machines for VMware, VirtualBox and Parallels
  • Individual Debian packages (.deb) which attempt to be Linux distro agnostic.
    • Tested against Ubuntu, Debian, Mint, Kali, etc.
  • A bootable ISO image
  • Hosted on various Cloud providers
  • A la carte mix-and-match installations for special purposes


The project is focused on providing a ready environment for testers, developers or trainers to learn, enhance, demonstrate or use their application security skills. It has been an active OWASP project since 2008 and has had over 300,000 downloads.

Beyond the collection of tools from OWASP and other security projects, OWASP WTE has begun producing and including its own security tools, especially where there were no existing tools which fit a particular need.


The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.

The project has several other goals going forward:

  1. Provide a showcase for great OWASP tools and documentation
  2. Provide the best, freely distributable application security tools in an easy to use package
  3. Ensure that the tools provided are as easy to use as possible.
  4. Continue to add documentation and tools to the OWASP Live CD
  5. Continue to document how to use the tools and how the tool modules were created.
  6. Align the tools provided with the OWASP Testing Guide

There were also some design goals, particularly, this should be an environment which is

  • easy for the users to keep updated
  • easy for the project lead to keep updated
  • easy to produce releases
  • focused on just web application testing - not general Pen Testing.

(For general Pen Testing, the gold standard is Kali Linux.)

Original SoC Goals are still available for the curious.

The OWASP WTE project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:

  • the Portugal release (Dec 12, 2008)
  • the AustinTerrier release (Feb 10, 2009)
  • the AppSec EU release (May, 2009)

In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.

Several mini-releases have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available, and work continues on making other versions of the project available, including a bootable USB, a portable VM installation and an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.


For historical purposes, the original application for the SoC is available here for the curious.




Project Details

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Live CD Project

Purpose: This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite

License: GNU Free Documentation 1.2 for documents & GPL v3 for code

who is working on this project?
Project Leader: Matt Tesauro

Project Maintainer: Matt Tesauro

Project Contributor(s):

how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links: N/A

Project Health: Level 1 Project (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Matt Tesauro to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
AppSecEU - May 2009 - (download)

Release Leader: Matt Tesauro

Release details: Main links, release roadmap and assessment

Rating: Not Reviewed
To be reviewed under Assessment Criteria v2.0

last reviewed release
SoC Release - September 2008 - (download)


Release Leader: Matt Tesauro

Release details: Main links, release roadmap and assessment

Rating: Stable Release
To be reviewed under Assessment Criteria v2.0

other releases