Difference between revisions of "Projects/OWASP Watcher Project"

From OWASP
Jump to: navigation, search
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Project About
+
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
 
| project_name = OWASP Watcher Project
 
| project_name = OWASP Watcher Project
 
| project_home_page = OWASP Fiddler Addons for Security Testing Project
 
| project_home_page = OWASP Fiddler Addons for Security Testing Project
Line 16: Line 16:
  
 
| leader_name1 = Chris Weber
 
| leader_name1 = Chris Weber
| leader_email1 = chrisweber@live.com
+
| leader_email1 = chris.weber@owasp.org
| leader_username1 = Chrisweber
+
| leader_username1 = ChrisWeber
  
 
| contributor_name[1-10] =  
 
| contributor_name[1-10] =  
Line 31: Line 31:
 
| project_road_map = http://www.owasp.org/index.php/Projects/OWASP_Watcher_Project/Roadmap
 
| project_road_map = http://www.owasp.org/index.php/Projects/OWASP_Watcher_Project/Roadmap
  
| links_url1 =  
+
| links_url1 = http://websecuritytool.codeplex.com/wikipage?title=Checks
| links_name1 =  
+
| links_name1 = Descriptions of the security checks
 +
 
 +
| links_url2 = http://websecuritytool.codeplex.com/documentation?referringTitle=Home
 +
| links_name2 = Detailed Documentation
 +
 
 +
| links_url3 = http://websecuritytool.codeplex.com/releases/view/22212
 +
| links_name3 = Download link
 +
 
  
 
| release_1 = Watcher v1.5.0
 
| release_1 = Watcher v1.5.0
Line 39: Line 46:
 
| release_3 =
 
| release_3 =
 
| release_4 =
 
| release_4 =
 +
<!--- The line below is for GPC usage only. Please do not edit it --->
 +
| project_about_page = Projects/OWASP Watcher Project
 +
 
}}
 
}}

Latest revision as of 12:41, 18 April 2011

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Watcher Project (home page)
Purpose: Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

  • Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer);
  • Works seamlessly with complex Web 2.0 applications while you drive the Web browser;
  • Non-intrusive, will not raise alarms or damage production sites;
  • Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS);
  • Configurable domains with wildcard support;
  • Extensible framework for adding new checks.
License: New BSD
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Watcher v1.5.0 - Nov 17 2010 - (download)
Release description: Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases