Difference between revisions of "OWASP Web Testing Environment Project"

From OWASP
Jump to: navigation, search
(First pass at a re-write of the OWASP WTE project page)
(Convert the OWASP WTE page to the new project template)
Line 1: Line 1:
[[Category:OWASP Project|Live CD Project]]
+
=Main=
[[Category:OWASP Tool]]
+
[[Category:OWASP Download]]
+
[[Category:OWASP Release Quality Tool]]
+
[[Category:OWASP Live CD Project]]
+
  
= Overview =
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
  
[[Image:cdCoverLiveCDView.png|frame|Live CD Cover]]
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
 +
==OWASP WTE==
 +
 +
OWASP WTE, or OWASP Web Testing Environment, is a collection of application security tools and documentation available in multiple formats such as VMs, Linux distribution packages, Cloud-based installations and ISO images.
 +
 +
==Introduction==
 
The OWASP WTE project is an enhancement of the original [https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD Project] and expands the offering from a static Live CD ISO image to a collection of sub-projects.  Its primary goal is to
 
The OWASP WTE project is an enhancement of the original [https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD Project] and expands the offering from a static Live CD ISO image to a collection of sub-projects.  Its primary goal is to
  
<blockquote>Make application security tools and documentation easily available and easy to use</blockquote>
+
<blockquote>Make application security tools and documentation easily available and easy to use.</blockquote>
 +
 
 +
==Description==
  
At its heart, it is a collection of easy to use Application Security Tools and Documentation.  WTE has a variety of ways to distribute them:
+
At its heart, OWASP WTE is a collection of easy to use application security tools and documentation.  WTE has a variety of ways to distribute them:
 
* Virtual Machines for VMware, VirtualBox and Parallels
 
* Virtual Machines for VMware, VirtualBox and Parallels
 
* Invidividual Debian packages (.deb) which attempt to be Linux disto agnostic.   
 
* Invidividual Debian packages (.deb) which attempt to be Linux disto agnostic.   
Line 20: Line 24:
 
* Hosted on various Cloud providers
 
* Hosted on various Cloud providers
 
* Ala Carte mix-and-match installations for special purposes
 
* Ala Carte mix-and-match installations for special purposes
 
  
 
The project is focused at provding a ready environment for testers, developers or trainers to learn, enhance, demonstrate or use their application security skills.  Its been an active OWASP project since 2008 and has had over 300,000 downloads.
 
The project is focused at provding a ready environment for testers, developers or trainers to learn, enhance, demonstrate or use their application security skills.  Its been an active OWASP project since 2008 and has had over 300,000 downloads.
Line 26: Line 29:
 
Beyond the collection of tools from OWASP and other security projects, OWASP WTE has begun producing and including its own security tools, especially where there were no existing tools which fit a particular need.  
 
Beyond the collection of tools from OWASP and other security projects, OWASP WTE has begun producing and including its own security tools, especially where there were no existing tools which fit a particular need.  
  
 +
==Licensing==
  
= Project Goals =
+
OWASP WTE is free to use. Its licensing is dependant on several factors:
 +
* OWASP WTE created documenation is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
* OWASP WTE created software and tools are licensed under the [http://www.gnu.org/copyleft/gpl.html GPLv3] or later license.  You are free to use and modify this software as well as having the right to re-distribute this software as long as any changes you've made are contributed back to the project under the same license.  For questions, see the [http://www.gnu.org/licenses/gpl-faq.html GPL FAQ]
 +
* OWASP WTE packaged software and documentation is under the license of that project and/or software.  The only licensing constraint required by OWASP WTE is that the software is makes packages of must be free to redistrubute.
  
The overarching goal for this project is to make application security tools and documentation easily availableI see this as a great complement to OWASP's goal to make application security visible.
+
In short, you can use and share OWASP WTE as much as you want.  The only time you may have an obligation is when you modify and redistrubute OWASP WTEIf you are unsure, please ask the [OWASP WTE Mail list]
  
The project has several other goals going forward:
+
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
# Provide a showcase for great OWASP tools and documentation
+
# Provide the best, freely distributable application security tools in an easy to use package
+
# Ensure that the tools provided are as easy to use as possible.  
+
# Continue to add documentation and tools to the OWASP Live CD
+
# Continue to document how to use the tools and how the tool modules where created.
+
# Align the tools provided with the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]
+
  
There were also some design goals, particularly, this should be an environment which is
+
== What is WTE? ==
* easy for the users to keep updated
+
* easy for the project lead to keep updated
+
* easy to produce releases
+
* focused on just web application testing - not general Pen Testing. 
+
  
(For general Pen Testing, the gold standard is [http://www.kali.org/ Kali Linux].)
+
OWASP WTE provides:
  
[http://mtesauro.com/livecd/index.php?title=Original_SoC_Goals Original SoC Goals] are still available for the curious.
+
* Virtual Machines
 +
** VMware/Parrallels .vmdk
 +
** VirtualBox .vdi
 +
** Open Virtualization Archive .ova
 +
* Linux Distribution packages
 +
** Debian .deb
 +
** RPM .rpm - ''coming soon''
 +
* Cloud-based installations
 +
* ISO images
  
= Main Links =
+
== Presentation ==
  
These are links to mostly off-site information while the project migrates more content to this page:<br />
+
Link to slideshare coming soon
<br />
+
<b>[http://www.appseclive.org/downloads/ Download Site]</b><br />
+
  
Current project source is at [http://code.google.com/p/owasp-wte/ Google Code]<br>
+
== Project Leader ==
GitHub repository will be at https://github.com/mtesauro/owasp-wte
+
A migration to GitHub is in process - expected to be complete during May 2014.
+
  
<!-- These need updating
+
[https://www.owasp.org/index.php/User:Mtesauro Matt Tesauro]
The following general documentation exists:<br />
+
*[http://appseclive.org/content/making-owasp-live-cd-using-slax how I created the live CD]
+
*[http://appseclive.org/content/owasp-live-cd-tutorials Using the Live CD / Tutorials(work in progress)]
+
*[http://appseclive.org/forum Forums for support and feature/tool requests]
+
-->
+
  
= Project history =
+
== Related Projects ==
  
The OWASP WTE project was originally started to update the previous [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2007_Project OWASP Live CD 2007]. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:
+
* [https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD Project]
 +
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP ZAP]
  
* the Portugal release (Dec 12, 2008) 
+
== Ohloh ==
* the AustinTerrier release (Feb 10, 2009)
+
* the AppSec EU release (May, 2009)
+
  
In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.
+
* ''Coming Soon''
 +
<!-- [http://www.ohloh.net/orgs/OWASP OWASP Project Ohloh] -->
  
Several mini-releases have sprung from this project.  Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC.  These are either downloadable files or instructions on how to create the alternate delivery mechanisms.
 
  
 +
| valign="top"  style="padding-left:25px;width:200px;" |
  
For historical purposes, the original application for the SoC is available [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project here] for the curious.
+
== Quick Download ==
  
<!-- Wow, this is out of date
+
* [http://appseclive.org/downloads/ Downloads site]
The most recent presentation on the OWASP Live CD from AppSec EU 2009: ([http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt PPT])
+
 
 +
== Email List ==
 +
 
 +
[OWASP WTE Mail list]
 +
 
 +
== News and Events ==
 +
 
 +
* ''Coming Soon''
 +
<!--* [20 Nov 2013] News 2
 +
* [30 Sep 2013] News 1-->
 +
 
 +
<!--== In Print ==
 +
 
 +
This project can be purchased as a print on demand book from Lulu.com
 
-->
 
-->
  
<!-- ==== Project Identification 1.0 ====
+
==Classifications==
{{:Project Identification:template Live CD 2008 Project}} />-->
+
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
''Coming Soon''
 +
<!--
 +
; Q1
 +
: A1
 +
 
 +
; Q2
 +
: A2
 +
-->
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
OWASP WTE is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* Kent Poots
 +
* Brad Causey
 +
* Drew Beebe
 +
 
 +
==Others==
 +
* David Hughes
 +
* Simon Bennetts
 +
* Achim Hoffmann
 +
* Your name here!
  
<!-- ==== Project Identification 2.0 - work in progress - 1====
+
Numerous others have provided feedback, suggestions, bugs and other assistance.  If you've been missed, please email matt.tesauro [at] owasp [dot] org and let him know.
{{Template:OWASP Live CD info}} />-->
+
  
<!-- ==== Project Identification 2.0 - work in progress - 2====
+
= Road Map and Getting Involved =
{{Key Project Information 2.0 - OWASP Live CD}} />-->
+
As of May 2014, the priorities are:
 +
* Adding support for RPM packages
 +
* GPG signing all packages
 +
* More support for Cloud-based installations
  
<!-- ==== Project Identification ====
+
Involvement in the development and promotion of OWASP WTE is actively encouraged!
{{Template:OWASP Live CD Project}} />-->
+
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* Use WTE and submit bugs, suggestion, feedback
 +
* Suggest tools, docs or something else to add to the project
 +
* Blog/Tweet/shout about WTE
 +
* Make a video on using WTE and let the project know about it
 +
* Ping the [OWASP WTE Mail list] for more ideas or with a suggestion
  
==== Project Details ====
+
=Project About=
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Identification Tab}}
+
{{:Projects/OWASP_Example_Project_About_Page}}
  
 +
__NOTOC__ <headertabs />
  
__NOTOC__
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
<headertabs/>
+

Revision as of 15:31, 24 May 2014

[edit]

OWASP Project Header.jpg

OWASP WTE

OWASP WTE, or OWASP Web Testing Environment, is a collection of application security tools and documentation available in multiple formats such as VMs, Linux distribution packages, Cloud-based installations and ISO images.

Introduction

The OWASP WTE project is an enhancement of the original OWASP Live CD Project and expands the offering from a static Live CD ISO image to a collection of sub-projects. Its primary goal is to

Make application security tools and documentation easily available and easy to use.

Description

At its heart, OWASP WTE is a collection of easy to use application security tools and documentation. WTE has a variety of ways to distribute them:

  • Virtual Machines for VMware, VirtualBox and Parallels
  • Invidividual Debian packages (.deb) which attempt to be Linux disto agnostic.
    • Tested against Ubuntu, Debian, Mint, Kali, etc.
  • A bootable ISO image
  • Hosted on various Cloud providers
  • Ala Carte mix-and-match installations for special purposes

The project is focused at provding a ready environment for testers, developers or trainers to learn, enhance, demonstrate or use their application security skills. Its been an active OWASP project since 2008 and has had over 300,000 downloads.

Beyond the collection of tools from OWASP and other security projects, OWASP WTE has begun producing and including its own security tools, especially where there were no existing tools which fit a particular need.

Licensing

OWASP WTE is free to use. Its licensing is dependant on several factors:

  • OWASP WTE created documenation is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  • OWASP WTE created software and tools are licensed under the GPLv3 or later license. You are free to use and modify this software as well as having the right to re-distribute this software as long as any changes you've made are contributed back to the project under the same license. For questions, see the GPL FAQ
  • OWASP WTE packaged software and documentation is under the license of that project and/or software. The only licensing constraint required by OWASP WTE is that the software is makes packages of must be free to redistrubute.

In short, you can use and share OWASP WTE as much as you want. The only time you may have an obligation is when you modify and redistrubute OWASP WTE. If you are unsure, please ask the [OWASP WTE Mail list]

What is WTE?

OWASP WTE provides:

  • Virtual Machines
    • VMware/Parrallels .vmdk
    • VirtualBox .vdi
    • Open Virtualization Archive .ova
  • Linux Distribution packages
    • Debian .deb
    • RPM .rpm - coming soon
  • Cloud-based installations
  • ISO images

Presentation

Link to slideshare coming soon

Project Leader

Matt Tesauro

Related Projects

Ohloh

  • Coming Soon


Quick Download

Email List

[OWASP WTE Mail list]

News and Events

  • Coming Soon


Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Coming Soon

Volunteers

OWASP WTE is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Kent Poots
  • Brad Causey
  • Drew Beebe

Others

  • David Hughes
  • Simon Bennetts
  • Achim Hoffmann
  • Your name here!

Numerous others have provided feedback, suggestions, bugs and other assistance. If you've been missed, please email matt.tesauro [at] owasp [dot] org and let him know.

As of May 2014, the priorities are:

  • Adding support for RPM packages
  • GPG signing all packages
  • More support for Cloud-based installations

Involvement in the development and promotion of OWASP WTE is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Use WTE and submit bugs, suggestion, feedback
  • Suggest tools, docs or something else to add to the project
  • Blog/Tweet/shout about WTE
  • Make a video on using WTE and let the project know about it
  • Ping the [OWASP WTE Mail list] for more ideas or with a suggestion

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: Place your project name here.
Purpose: Project description goes here. Make sure to add a description that outlines how this project advances software security.
License: Place your license choice here: OWASP Recommended Licenses
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: [This is the full link to the mailing list (e.g. https://lists.owasp.org/mailman/listinfo/owasp-example-project) Mailing List Archives]
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases