Tiger User Manual

From OWASP
Revision as of 19:08, 4 February 2007 by Boris (Talk | contribs)

Jump to: navigation, search

Contents

Managing Projects

What is a Tiger Project?

Tiger project is a logical grouping of test targets and tests to be performed as a whole. Each Tiger project consists of zero or more targets, each containing zero or more tests (although projects without any targets and tests are not very meaningful).

Starting a New Project

A blank project is created automatically when you start Tiger. If you need to create a project based on a project template, or simply another blank project, do this:

  • To create a project based on a project template, from the File menu, select New.
  • To create a blank project, click the New button on the toolbar, or press Ctrl+N. Alternatively, from the File menu, select New and choose the "Blank Project" template.

Opening an Existing Project

To open an existing project, either

  • Click the Open toolbar button, or
  • From the File menu, select Open

Tiger projects have the .tgp file extension.

Saving Your Project

To save your project, either

  • Click the Save toolbar button, or
  • From the File menu, select Save (to save the project using its current file name and location) or Save As (to save the project under a new name and/or at a new location)

Saving Your Project as a Project Template

You can also save your project as a template. That way, you and other users can quickly create new projects based on your project. After your template is imported (currently, there is no GUI for this, just place your .tgpt file in the Project Templates subfolder), it will appear in the New Project dialog (displayed when you select New from the File menu, or press Ctrl+N) and new projects can easily be created based on it.

Note: Typically, users will want to run the same tests, but not on the same servers as you did in your project, so it’s a good idea to clear the Path properties of your project targets before saving the project as a template.

Tiger currently ships with the Tiger ASP.NET Module template, which contains tests for some well known ASP.NET 2.0 vulnerabilites.

Managing Targets

What is a Tiger Target?

Tiger target is a web site or virtual directory upon which tests are to be performed. Each target contains zero or more tests to be performed. Essentially, target is defined by its path (a http or https prefixed URL, without the document name, query and fragment. If needed, all of those can be provided at the test level).

Each project can contain multiple targets, and each target can contain multiple tests.

Adding a Target

You can add targets to your project by

  • Selecting Add Target from the Project menu
  • Right-clicking the project node in the Project Explorer, and selecting Add Target from the shortcut menu that appears.

Configuring a Target

Path

The Path property of the target object must be set to a valid http or https scheme URL of the web site or virtual directory containing tests to be executed. Otherwise, you won’t be able to run the project.

Additionally, the Tests collection should contain one or more Test objects. Although technically possible, creating a target with no associated tests does not make much sense (unless, of course, you plan to add tests later).