Project Information:template Live CD 2008 Project - 50 Review - First Reviewer - C


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Live CD 2008 Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please exemplify by writing down those of them that haven't been realised.

The stated goals for this project are:

  1. Move from Morphix to SLAX
  2. Get SLAX to have an equal number of tools as had existed in the Live CD 2007 (updating tools where necessary)
  3. Add OWASP branding to SLAX
  4. Add additional, quality tools
  5. Document the Live CD, both how it was created and general documentation (e.g. OWASP Testing Guide).

REVIEW

  • No problems have been encountered booting and testing the SLAX Live CD on multiple platforms.
  • Parity of tools between the Live CD 2007 and Live CD 2008 has been accomplished.
  • The look and feel of the Live CD 2008 follows the developer's intent of OWASP branding SLAX.
  • In discussions with the developer concerning the tools and documentation to be added to the Live CD 2008, the timeline is aggressive, but reasonable.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

REVIEW

  1. Move to SLAX = 100%
  2. Tool parity with 2007 Live CD = 100%
  3. OWASP Branding = 100%
  4. Additional Tools
    1. Planning = 25%
    2. Implementation = 0%
  5. Documentation
    1. Planning = 25%
    2. Implementation = 0%

3. Please do use the right hand side column to provide advice and make work suggestions.

Very good initial effort!

Regarding Metasploit and other popular tools that are not web-centric, I agree with the developer. These tools should be made available, but in a MISCELLANEOUS or OTHER sub-menu. While the purpose is not to compete with BackTrack and other penetration testing distributions, some tools are ubiquitous enough to be expected on any pentest platform. The focus is still, as it should be, on web application testing.

As per our discussions, I concur that the tools listed in the OWASP Testing Guide should receive priority for implementation with additional tools being added on a time/resource/licensing basis.