OWASP - User contributions [en]

OWASP .NET Recommended Resources

2013-11-05T21:48:14Z

Daniel Brzozowski:

{| align="right" class="wikitable"
|-
! OWASP .NET Quick Reference
|-
|
*[[OWASP Code Review Project]] 
*[[OWASP Testing Guide]] 
|-
|}
==OWASP .NET Recommended Resources==

===Areas of Concern===

*Getting Started

*Tutorials

*Best Practices

*OWASP Guidance and Tools

===Blogs & People===

===== OWASP =====
[https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]

==== General ====
[http://securitybuddha.com/ Mark Curphrey's Blog]

[http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]

[http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]

[http://www.leastprivilege.com Dominick Baier's Blog]

[http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]

[http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]

===Advisories, Articles & Projects===

[http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]

[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]

[http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]

[http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]

[http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]

[http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]

[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]

[http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]

[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]

[http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]

[http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]

===Online References, Training===

[http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]

[http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]

[http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]

[http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]

[http://www.pluralsight.com/main/olt/Module.aspx?a=keith-brown&n=aspdotnet-security&cn=aspdotnet-fundamentals ASP.NET Security Webcasts - Kieth Brown]

[http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html OWASP Top 10 for .NET developers - Troy Hunt]

===Books and Publications===

[http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc

[http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]

[http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

[http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

[http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom

[http://securitydriven.net/ Security Driven .NET], Stan Drapkin

===Tools===

[http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]

[http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]

[http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]

[http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]

[http://learn.iis.net/page.aspx/473/using-urlscan URLScan]

[http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]

[http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]

[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]

File:O2 Logo no Shadow.jpg

2011-06-10T10:11:49Z

Daniel Brzozowski: Logo of O2 (no shadow)

Logo of O2 (no shadow)

User:Daniel Brzozowski

2011-02-26T20:41:04Z

Daniel Brzozowski: updating information

==Bio==
Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.

==OWASP Activity==
'''February, 2011 - NOW:''' OWASP .NET Project Leader 
'''January, 2011 - NOW:''' OWASP WebScarab-NG Project Leader 
'''2010 - NOW:''' OWASP Member

==OWASP related activity==
'''December 7, 2010:''' Talk about web penetration testing on Quotium's behalf during TestExpo Winter 2010 in London, UK. 
'''October 18, 2010:''' Talk about web penetration testing during TestWarez 2010 in Bydgoszcz, Poland.

==Links==
[http://uk.linkedin.com/in/brzozowski LinkedIn profile]

OWASP Trainers/Volunteer 27

2011-02-24T00:35:09Z

Daniel Brzozowski: Adding myself to OWASP training

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Trainers Volunteers Tab</noinclude>
|-
| trainer_name1 = Daniel Brzozowski
| trainer_email1 = daniel@brzozowski.biz
| trainer_wiki_username1 = Daniel Brzozowski
|-
| project_interested_in_presenting = OWASP Top 10, OWASP O2 Platform, OWASP WebScarab-NG and other open source pentest tools
|-
| project_already_presented_name1 = OWASP Top 10
| project_already_presented_url_1 = http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
| project_already_presented_name2 = OWASP WebScarab
| project_already_presented_url_2 = http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
| project_already_presented_name3 = OWASP WebScarab-NG
| project_already_presented_url_3 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| project_already_presented_name4 =
| project_already_presented_url_4 =
| project_already_presented_name5 =
| project_already_presented_url_5 =
|-
| current_location = London, UK
|-
| trainer_name_mask =  Volunteer_27
| trainer_home_page =  OWASP_Trainers/Volunteer_27
}}

Summit 2011 Working Sessions/Session094

2011-02-06T19:06:20Z

Daniel Brzozowski: Adding myself to the session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Tony UcedaVelez
| summit_session_attendee_email1 = tonyuv@owasp.org
| summit_session_attendee_username1 = Tony UcedaVelez
| summit_session_attendee_company1= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = John Menerick
| summit_session_attendee_email2 = jmenerick@netsuite.com
| summit_session_attendee_username2 = John Menerick
| summit_session_attendee_company2= NetSuite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= (remote)

| summit_session_attendee_name3 = Daniel Brzozowski
| summit_session_attendee_email3 = daniel@brzozowski.biz
| summit_session_attendee_username3 = Daniel Brzozowski
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo = [[Image:T._mitigation.jpg]]
| summit_ws_logo = [[Image:WS._mitigation.jpg]]
| summit_session_name = Microsoft's SDL in 16 steps (and lessons learned)
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session094
| mailing_list =

|-

| short_working_session_description= This OWASP Working Session will explore the Simplified SDL and its 16 security practices and implementation guidance (see reference materials below). The Simplified SDL is a platform-agnostic process for implementing proven application security practices in any size organization.
This working group will discuss the feasibility of create one or more practical, platform-specific resource libraries for each of the security practices in the 16 steps of the Simplified SDL. Further, we will discuss prioritization of the 16 Practices for organizations to implement security in an incremental fashion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Discuss additional reference materials and identifying publicly-available tools targeting a variety of platforms (web, OSX, Unix, mobile platforms, etc) in an effort to provide practical, platform-specific implementation guidance for each of the security practices in the 16 Steps of the Simplified SDL.

| summit_session_objective_name2 = Define the practical “crawl/walk/run” steps for adopting the 16 Practices of the Simplified SDL for development organizations of any size.

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =
Reference materials: [http://go.microsoft.com/?linkid=9708425 Simplified SDL paper] & [http://blogs.msdn.com/b/sdl/archive/2011/01/26/only-16-security-practices-implementation-guidance-included.aspx 16 Steps blog post].

|-

|summit_session_deliverable_name1 = Identify 1-2 target platforms and potential locations for a library of platform-specific guidance and tools associated with each of the 16 practices of the Simplified SDL.

|summit_session_deliverable_name2 = Identify OWASP contributors who are willing to help build the content for #1.

|summit_session_deliverable_name3 = Define the practical “crawl/walk/run” steps for adopting the 16 Practices of the Simplified SDL for development organizations of any size.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Jeremy Dallman
| summit_session_leader_email1 = jdallman@exchange.microsoft.com
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session094
| session_home_page =  Summit_2011_Working_Sessions/Session094
}}

Summit 2011 Working Sessions/Session053

2011-02-06T19:05:14Z

Daniel Brzozowski: Adding myself to the session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Mateo Martinez
| summit_session_attendee_email1 = mateo.martinez@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Daniel Brzozowski
| summit_session_attendee_email2 = daniel@brzozowski.biz
| summit_session_attendee_username2 = Daniel Brzozowski
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP Java Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053
| mailing_list =

| short_working_session_description= The OWASP Java Project needs to be restarted. This session will attempt to gather momentum aroungd the project again.

|-

| related_project_name1 = OWASP Java Project
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Java_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Restart the Java project

| summit_session_objective_name2 = Find new leadership

| summit_session_objective_name3 = Recruit volunteers

| summit_session_objective_name4 = Build a new Roadmap for the project

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = Everybody is a Participant

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = The presence of participants on the Working Session [[Summit 2011 Working Sessions/Session085|'''Common structure and numbering for all guides''']] is advisable.

|-

|summit_session_deliverable_name1 = An updated outline for the Java project that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A committed project manager who can reach out to experts to get the project documents completed.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Lucas C. Ferreira
| summit_session_leader_email1 = lucas.ferreira@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session053
| session_home_page =  Summit_2011_Working_Sessions/Session053
}}

Summit 2011 Working Sessions/Session205

2011-02-03T22:13:21Z

Daniel Brzozowski: Updating session info

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP .NET Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205
| mailing_list =

|-

| short_working_session_description = Discussion on the process of restarting OWASP .NET Project.

|-

| related_project_name1 = OWASP Top 10
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

| related_project_name2 = OWASP O2 Platform
| related_project_url_2 = http://www.owasp.org/index.php/OWASP_O2_Platform

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Restart OWASP .NET Project.

| summit_session_objective_name2 = Create/Update project roadmap.

| summit_session_objective_name3 = Define new project structure (i.e. subprojects).

| summit_session_objective_name4 = Involve new people in this project.

| summit_session_objective_name5 =

|-

| working_session_date_and_time = preferably 3r or 4th day of summit

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = OWASP .NET Project plan - white paper with the new vision of the project.

|summit_session_deliverable_name2 = Updated OWASP .NET Project wiki page.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Daniel Brzozowski
| summit_session_leader_email1 = daniel@brzozowski.biz
| summit_session_leader_username1 = Daniel Brzozowski

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session205
| session_home_page =  Summit_2011_Working_Sessions/Session205
}}

Summit 2011 Working Sessions/Session205

2011-02-03T22:08:29Z

Daniel Brzozowski: Updating session info

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP .NET Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205
| mailing_list =

|-

| short_working_session_description = Discussion on the process of restarting OWASP .NET Project.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Restart OWASP .NET Project.

| summit_session_objective_name2 = Create/Update project roadmap.

| summit_session_objective_name3 = Define new project structure (i.e. subprojects).

| summit_session_objective_name4 = Involve new people in this project.

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = OWASP .NET Project plan - white paper with the new vision of the project.

|summit_session_deliverable_name2 = Updated OWASP .NET Project wiki page.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Daniel Brzozowski
| summit_session_leader_email1 = daniel@brzozowski.biz
| summit_session_leader_username1 = Daniel Brzozowski

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session205
| session_home_page =  Summit_2011_Working_Sessions/Session205
}}

Summit 2011 Working Sessions/Session205

2011-02-03T20:40:51Z

Daniel Brzozowski: Correcting e-mail

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP .NET Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205
| mailing_list =

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Daniel Brzozowski
| summit_session_leader_email1 = daniel@brzozowski.biz
| summit_session_leader_username1 = Daniel Brzozowski

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session205
| session_home_page =  Summit_2011_Working_Sessions/Session205
}}

Project Information:template .NET Project

2011-02-03T01:04:38Z

Daniel Brzozowski: Updating project leader.

{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="7" style="width:85%; background:#cccccc" align="left"|'''OWASP .NET Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="7" style="width:85%; background:#cccccc" align="left"|The project will contain information, materials and software that are relevant to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services including:
* Architectural guidance,
* Developer tools, information and checklists,
* IT professional content (for those that deploy and maintain .NET websites),
* Penetration testing resources,
* Incident response resources.
The OWASP .NET Project Leader will actively recruit .NET contributors, including personnel from Microsoft, but others throughout the .NET ecosystem. Including experts from communities from large companies to ISVs, from enterprise architects to ALT.NET developers will be important for the overall reach of the OWASP .NET project. Other communities to consider include developers who use Mono (.NET for Linux), including Moonlight (Silverlight for Linux).
The OWASP .NET Project Leader will actively contribute to the OWASP projects that require .NET resources, by recruiting resources or contributing to the project.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [[User:Daniel Brzozowski|'''Daniel Brzozowski''']]
| style="width:15%; background:#cccccc" align="center"|Project Contributors (if any)
| style="width:10%; background:#cccccc" align="center"|Mailing list [https://lists.owasp.org/mailman/listinfo/owasp-dotnet '''Subscribe here'''] [mailto:owasp-dotnet(at)lists.owasp.org@lists.owasp.org '''Use here''']
| style="width:17%; background:#cccccc" align="center"|License [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
| style="width:14%; background:#cccccc" align="center"|Project Type [http://www.owasp.org/index.php/Category:OWASP_Project#tab=Release_Quality_Projects '''Documentation''']
| style="width:15%; background:#cccccc" align="center"|Sponsors [[OWASP Summer of Code 2008|'''OWASP SoC 08''']]
|}
{| style="width:100%" border="0" align="center"
! align="center" style="background:#7B8ABD; color:white"|'''Release Status'''
! align="center" style="background:#7B8ABD; color:white"|'''Main Links'''
! align="center" style="background:#7B8ABD; color:white"|'''Related Projects'''
|-
| style="width:29%; background:#cccccc" align="center"|
[[:Category:OWASP_Project_Assessment#Release_Quality_Documentation_Criteria|'''Release Quality''']] [[:OWASP .NET Project - Assessment Frame|Please see here for complete information.]]
| style="width:42%; background:#cccccc" align="center"|
[http://www.owasp.org/images/0/00/OWASP_dotNet_2008.pptx OWASP .Net Project PowerPoint Presentation] [https://www.owasp.org/index.php/Category:OWASP_.NET_Project OWASP .NET] [http://owasprox.blogspot.com/ Tracking Blog for OWASP .NET Project Lead]
| style="width:29%; background:#cccccc" align="center"|
[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]] [[OWASP Testing Guide]] [[.Net Assembly Analyzer]] [[OWASP WebGoat Project]] [[OWASP WebScarab Project]] [http://code.google.com/p/owasp-net-content/ OWASP .NET Content Project]
|}

Summit 2011 Working Sessions/Session069

2011-02-02T00:05:20Z

Daniel Brzozowski: Adding myself to the session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Jason Taylor
| summit_session_attendee_email3 = jtaylor@securityinnovation.com
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Achim Hoffmann
| summit_session_attendee_email4 = achim@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Carlos Serrão
| summit_session_attendee_email5 = carlos.serrao@iscte.pt
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Konstantinos Papapanagiotou
| summit_session_attendee_email6 = Konstantinos@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_username7 =
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Mateo Martinez
| summit_session_attendee_email8 = mateo.martinez@owasp.org
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Daniel Brzozowski
| summit_session_attendee_email9 = daniel@brzozowski.biz
| summit_session_attendee_username9 = Daniel Brzozowski
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP TOP 10 online training in Hacking-Lab
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069
| mailing_list =

|-

| short_working_session_description= We would like to open an OWASP TOP 10 online training in Hacking-Lab. This training will likely have the following pre-conditions:
* OWASP top 10 training (all cases are covered)
* Trainer feature for some well-known, trustworthy OWASP members
* Access to the solution videos of the OWASP TOP 10 issues
* Branding the OWASP Hacking-Lab Event in an OWASP-style
* OWASP Certificate for those receiving full points to all lab cases

|-

| related_project_name1 = Hacking Lab
| related_project_url_1 = http://www.hacking-lab.com

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= To learn more about the OWASP TOP 10 cases in Hacking-Lab - Vulnerable Apps in HL

| summit_session_objective_name2 = Experience the users's view of a training - lab descriptions, exercises, send-solution, ranking, global ranking, my profile

| summit_session_objective_name3 = Experience the teacher's view of a training - solution movies, accpet or reject solutions from users, solution movie

| summit_session_objective_name4 = Experience the Hacking-Lab LiveCD (accessing the lab), teaming, levels in HL, avatar, rankings

| summit_session_objective_name5 = Talk about a potential collaboration between OWASP and Hacking-Lab for the future. Free OWASP TOP 10 training.

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Proposed agenda: 

We will talk about Hacking-Lab, it's core services and digg into the users and teachers view of the portal page. You will experience the full features of the Hacking-Lab training infrastructure for being prepared, if Hacking-Lab could be a valuable service for a free OWASP TOP 10 training in the future.

a) introduction hacking-lab 
b) user view 
c) teacher view 
d) hands-on training with the livecd 

This way - everybody fully understands the available *service* in
question and we can then further negotiate the collaboration if this is
something OWASP want to digg into.

|-

|summit_session_deliverable_name1 = A plan to create free awesome OWASP T10 awareness training using HL and others. Integrate the various environments and create a prototype if possible.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Ivan Buetler
| summit_session_leader_email1 = ivan.buetler@csnc.ch

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session069
| session_home_page =  Summit_2011_Working_Sessions/Session069
}}

Summit 2011 Working Sessions/Session042

2011-02-02T00:03:33Z

Daniel Brzozowski: Adding myself to the session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Martin Knobloch
| summit_session_attendee_email1 = martin.knobloch@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Nishi Kumar
| summit_session_attendee_email2 = nishi.kumar@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Jason Taylor
| summit_session_attendee_email3 = jtaylor@securityinnovation.com
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Carlos Serrão
| summit_session_attendee_email4 = carlos.serrao@iscte.pt
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Konstantinos Papapanagiotou
| summit_session_attendee_email5 = Konstantinos@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Daniel Brzozowski
| summit_session_attendee_email6 = daniel@brzozowski.biz
| summit_session_attendee_username6 = Daniel Brzozowski
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = Developer's Security Training Package
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042
| mailing_list =

|-

| short_working_session_description= Compile a set of documents and slides to assist in the delivery of a security training class for developers

|-

| related_project_name1 = OWASP Development Guide, OWASP Secure Coding Practices - Quick Reference Guide, OWASP Enterprise Security API (ESAPI) Project,
| related_project_url_1 =

| related_project_name2 = OWASP Code Review Guide,
| related_project_url_2 =

| related_project_name3 = OWASP Application Security Verification Standard Project,
| related_project_url_3 =

| related_project_name4 = OWASP Testing Guide,
| related_project_url_4 =

| related_project_name5 = OWASP Top Ten Project
| related_project_url_5 =

|-

| summit_session_objective_name1= To create an organized package that can be used by companies for the purposes of educating developers on securely coding web applications and web services

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A curriculum for the above based on OWASP materials and a plan to build it out.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Brad Causey
| summit_session_leader_email1 = bradcausey@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-

| session_name_mask =  Session042
| session_home_page =  Summit_2011_Working_Sessions/Session042
}}

Summit 2011 Working Sessions/Session022

2011-02-01T23:53:18Z

Daniel Brzozowski: Adding myself to session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Chris Schmidt
| summit_session_attendee_email2 = chris.schmidt@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2= Aspect Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mark Bristow
| summit_session_attendee_email3 = mark.bristow@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Daniel Brzozowski
| summit_session_attendee_email4 = daniel@brzozowski.biz
| summit_session_attendee_username4 = Daniel Brzozowski
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg‎]]
| summit_ws_logo = [[Image:WS._owasp.jpg‎]]
| summit_session_name = What is an OWASP Leader?
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session022
| mailing_list =
|-

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Define what it means to be an OWASP Leader

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Definition of critera for OWASP Leaders

|summit_session_deliverable_name2 = A standard defining exactly what characterizes an OWASP Leader, for use in providing benefits and prioritizing support.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dinis Cruz
| summit_session_leader_email1 = dinis.cruz@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-

| session_name_mask =  Session022
| session_home_page =  Summit_2011_Working_Sessions/Session022
}}

Summit 2011 Working Sessions/Session063

2011-02-01T23:46:08Z

Daniel Brzozowski: Adding myself to session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Jason Taylor
| summit_session_attendee_email2 = jtaylor@securityinnovation.com
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Steven van der Baan
| summit_session_attendee_email3 = steven.van.der.baan@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Sherif Koussa
| summit_session_attendee_email4 = sherif.koussa@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Daniel Brzozowski
| summit_session_attendee_email5 = daniel@brzozowski.biz
| summit_session_attendee_username5 = Daniel Brzozowski
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = O2 Platform
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| mailing_list =

|-

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Maybe a simple user’s guide that shows how to install, configure, and use O2 to do a few simple common things. Alternatively, how about detailed workflows for the more complex features?

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dinis Cruz
| summit_session_leader_email1 = dinis.cruz@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session063
| session_home_page =  Summit_2011_Working_Sessions/Session063
}}

Summit 2011 Working Sessions/Session040

2011-02-01T23:42:43Z

Daniel Brzozowski: Adding myself to session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Martin Knobloch
| summit_session_attendee_email1 = martin.knobloch@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Paulo Coimbra
| summit_session_attendee_email2 = paulo.coimbra@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Dinis Cruz
| summit_session_attendee_email3 = dinis.cruz@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Nishi Kumar
| summit_session_attendee_email4 = nishi.kumar@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Cecil Su
| summit_session_attendee_email5 = cecil.su@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Heiko Richler
| summit_session_attendee_email6 = heiko.richler@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Lucas C. Ferreira
| summit_session_attendee_email7 = lucas.ferreira@owasp.org
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Jason Taylor
| summit_session_attendee_email8 = jtaylor@securityinnovation.com
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Mateo Martinez
| summit_session_attendee_email9 = mateo.martinez@owasp.org
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Konstantinos Papapanagiotou
| summit_session_attendee_email10 = konstantinos@owasp.org
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= Present the "Hackademic" challenges and our experience from Greece

| summit_session_attendee_name11 = Carlos Serrão
| summit_session_attendee_email11 = carlos.serrao@iscte.pt
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Matteo Meucci
| summit_session_attendee_email12 = matteo.meucci@owasp.org
| summit_session_attendee_username12 =
| summit_session_attendee_company12= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Elke Roth-Mandutz
| summit_session_attendee_email13 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username13 =
| summit_session_attendee_company13= GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Daniel Brzozowski
| summit_session_attendee_email14 = daniel@brzozowski.biz
| summit_session_attendee_username14 = Daniel Brzozowski
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP Academies
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040
| mailing_list = [https://lists.owasp.org/mailman/listinfo/owasp-academies OWASP Academies mailing list]

|-

| short_working_session_description= This session aims to present and promote the discussion and consolidation of the OWASP Academies model proposed in January to support OWASP's strategy of penetrating and influencing the Academy – OWASP Academy Portal Project.
|-

| related_project_name1 = OWASP Academy Portal Project
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Academy_Portal_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = Presentation of the discussion had in January – what were we looking for, what conclusions were reached and why;
| summit_session_objective_name2 = The OWASP Academic Portal Project – what is it, advantages, contributors, roadmap;
| summit_session_objective_name3 = Alternative ways of working with Universities when possible – Summer School proposal (ISCTE);
| summit_session_objective_name4 = OWASP Appsec Tutorial Series – How to best disseminate it and use it.
| summit_session_objective_name5 =
|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Please see the '''[[Talk:Summit 2011 Working Sessions/Session040|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = Deliver the above as a fundable business plan complete with financial and resource requirements, timelines, metrics, etc…

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Sandra Paiva
| summit_session_leader_email1 = sandra.paiva@owasp.org
| summit_session_leader_username1 = Sandra Paiva

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session040
| session_home_page =  Summit_2011_Working_Sessions/Session040
}}

Summit 2011 Working Sessions/Session039

2011-02-01T23:41:05Z

Daniel Brzozowski: Adding myself to session

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Dinis Cruz
| summit_session_attendee_email1 = dinis.cruz@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Matthew Chalmers
| summit_session_attendee_email2 = matthew.chalmers@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Jeremy Long
| summit_session_attendee_email4 = jeremy.long@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matteo Meucci
| summit_session_attendee_email5 = matteo.meucci@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Seba Deleersnyder
| summit_session_attendee_email6 = seba@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6= SAIT Zenitel
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Daniel Brzozowski
| summit_session_attendee_email7 = daniel@brzozowski.biz
| summit_session_attendee_username7 = Daniel Brzozowski
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP Certification
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039
| mailing_list =

|-

| short_working_session_description= This session aims to establish the model by which an certification/exam based on OWASP materials could be created. The topics of discussion will include:
* What is a workable/acceptable certification model for OWASP's Community?
* What types of certification should there be?
* What would a CC-licensed certification exam look like (as executed by others)?
* Since OWASP is not interested or able to administer certifications itself who could run/administer such CC certifications/exams?
* What should OWASP's official position be on entities that provide OWASP based certifications?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Determine whether certification would have value for OWASP's Community

| summit_session_objective_name2 = Determine a model by which certification based on OWASP materials could succeed

| summit_session_objective_name3 = Determine a model for creation and distribution of a CC-licensed certification exam based on OWASP materials

| summit_session_objective_name4 = (if agreed) Determine a model for supporting the administration of certification based on OWASP Materials

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A business plan for evaluation by the community at large.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 =
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-
| meeting_notes =

|-
| session_name_mask =  Session039
| session_home_page =  Summit_2011_Working_Sessions/Session039
}}

User:Daniel Brzozowski

2011-01-31T23:20:32Z

Daniel Brzozowski: Updating personal info

==Bio==
Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.

==OWASP Activity==
'''January, 2011 - NOW:''' OWASP WebScarab-NG Project Leader 
'''2010 - NOW:''' OWASP Member

==OWASP related activity==
'''December 7, 2010:''' Talk about web penetration testing on Quotium's behalf during TestExpo Winter 2010 in London, UK. 
'''October 18, 2010:''' Talk about web penetration testing during TestWarez 2010 in Bydgoszcz, Poland.

==Links==
[http://uk.linkedin.com/in/brzozowski LinkedIn profile]

User:Daniel Brzozowski

2011-01-31T23:16:08Z

Daniel Brzozowski: Updating personal info

==Bio==
Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.

==OWASP Activity==
'''January, 2011 - NOW:''' OWASP WebScarab-NG Project Leader 
'''2010 - NOW:''' OWASP Member

==OWASP related activity==
'''December 7, 2010:''' Talk about web penetration testing on Quotium's behalf during TestExpo Winter 2010 in London, UK. 
'''October 18, 2010:''' Talk about web penetration testing during TestWarez 2010 in Bydgoszcz, Poland.

File:OWASP WebScarab logo.gif

2011-01-29T16:25:19Z

Daniel Brzozowski: uploaded a new version of "File:OWASP WebScarab logo.gif": New WebScarab NG logo

logo of OWASP WebScarab Project

File:OWASP WebScarab logo.gif

2011-01-28T19:44:31Z

Daniel Brzozowski: uploaded a new version of "File:OWASP WebScarab logo.gif": New version of OWASP WebScarab NG logo.

logo of OWASP WebScarab Project

OWASP WebScarab NG Project

2011-01-28T15:37:12Z

Daniel Brzozowski: Adding new category - Tool category

{{:OWASP_WebScarab_NG_Project_Summary}}

==New User Interface==

As mentioned above, the user interface has changed quite a lot from the old WebScarab. Apart from the new default Look&Feel (JGoodies), you will see that the conversation viewer has changed quite a lot. The old "Raw" view is still there, but the Parsed version has changed quite dramatically - for the better, I hope you'll agree!

The Parsed view now shows the request and response details in a tree form, rather than in individual text boxes. This makes the interface look a lot cleaner, and more importantly, is a lot more compact. It also makes it a lot easier to include features like automatically breaking out URL parameters, and multiple cookies into their own nodes, where it is a lot easier to view the individual parameters. We also show the request and the response next to each other, rather than one above the other, since most people seem to have more horizontal real-estate than vertical. The split between request and response can easily be adjusted by dragging, as can the split between the headers and the message content.

[[Image:WebScarab-NG-default.png]]

==Current status==

At this stage, WebScarab-NG primary feature is the intercepting proxy that allows the operator to observe and modify requests from a browser or other client passing through the proxy. A new feature is the Proxy Control Bar, which is implemented as a "stays on top" tool bar that floats above your browser or other thick client, and allows you to quickly enable or disable request intercepts. It also allows you to annotate or describe the requests as they pass through the proxy. If you type some text into the annotation field, that text will be linked to the next conversation that passes through the proxy, and can later be viewed as part of the conversation history. this can be very helpful to keep track of what you were doing in a multi-step procedure.

For example: Selecting a menu item, entering a value, submitting that value, etc. Often sites are built in such a way that they can result in dozens of conversations resulting from a single action. Annotating that conversation that initiated all the rest makes it very easy to identify them at a later stage.

[[Image:WebScarab-NG-proxy-control-bar.png]]

==Error feedback==

One of the neat features provided by the Spring Rich Client Platform is the ability to check that the inputs actually make sense, and to provide automated "as you type" feedback to the user.

For example, look at the "Intercept Request" window:

[[Image:WebScarab-NG-intercept-request-error.png]]

We can see that the user tried to change the method from "POST" to "PROST". WebScarab-NG has no idea how to execute a "PROST" method, and so provides an error message to inform the user. Additionally, the OK button is automatically disabled, until the error is corrected.

==Obtaining WebScarab-NG==

WebScarab-NG is distributed via Google Code, and can be obtained [https://code.google.com/p/webscarab-ng/downloads/list here].

After extraction of files user need to run following command:
java -jar WebScarab-ng-X.X.X.one-jar.jar
where X.X.X is downloaded version or use one of scripts (start.sh for Linux, start.bat for Windows).

==Technical information==

Technical information for those interested in digging into it can be found [[ OWASP WebScarab NG Project Technical Info | here]].

This page lists the [[OWASP_WebScarab_Differences_%28Classic_vs_NG%29 | differences between WebScarab Classic and WebScarab NG]], including a ToDo list of work still to be done on WebScarab NG.

==Tips & Tricks==

WebScarab NG already contains a lot of functionality but some of them are well hidden beneath the GUI and nowhere documented.
A list of such functions can be found in the [[OWASP_WebScarab_NG_Tips_&_Tricks|Tips & Tricks of WebScarab NG]] section.

==Bugs==

Any found bugs should be reported via [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page]. Such mechanism allows us to keep track of all found problems so we can WebScarab-NG better.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to post them on [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page] or send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP Download]]
[[Category:OWASP WebScarab NG Project]]
[[Category:OWASP Project]]
[[Category:OWASP Tool]]

OWASP WebScarab NG Project

2011-01-28T15:20:25Z

Daniel Brzozowski: Adding OWASP Project category

OWASP WebScarab NG Project

2011-01-27T23:54:55Z

Daniel Brzozowski: Updating project page - reference to common summary page.

OWASP WebScarab NG Project Summary

2011-01-27T23:53:55Z

Daniel Brzozowski: Updating summary page

'''Welcome to the WebScarab (Next Generation) Project'''
[[Image:OWASP_WebScarab_logo.gif |thumb | WebScarab-NG logo]]
WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

OWASP WebScarab NG Project Summary

2011-01-27T23:48:05Z

Daniel Brzozowski: Creating OWASP Summary Page

[[Image:OWASP_WebScarab_logo.gif |thumb | WebScarab-NG logo]]
WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

File:OWASP WebScarab logo.gif

2011-01-23T23:43:45Z

Daniel Brzozowski: logo of OWASP WebScarab Project

logo of OWASP WebScarab Project

OWASP WebScarab NG Project Technical Info

2011-01-23T17:37:48Z

Daniel Brzozowski: Updating project leader.

'''WebScarab (Next Generation) Technical Information'''

==Accessing the HSQL Database==

WebScarab-NG defaults to using the HSQLDB database libraries. If you are interested in digging into the DB manually, here's what you need to know.

===Getting the JAR===

Since WebScarab-NG is only available via Java Web Start at the moment, the HSQLDB libraries are unlikely to be anywhere convenient. So download the [[http://dawes.za.net/rogan/webscarab-ng/webstart/hsqldb-1.8.0.1.jar | jar]], and place it somewhere handy.

===Accessing the DB===

HSQLDB comes with a graphical client that allows you to explore the database, and execute arbitrary SQL.

You can invoke it by running:

$ java -cp hsqldb-1.8.0.1.jar org.hsqldb.util.DatabaseManager

It will prompt you to connect to the DB, by providing a URL. Simply copy and paste the same URL that you see in the WebScarab-NG dialog.

NOTE: Since it is run "in-process" in WebScarab-NG, it is not possible to access it concurrently from another application. You may be successful running HSQLDB in server mode, and specifying an appropriate URL to WS-NG when it starts, but keep in mind that (at the moment) WS-NG executes "SHUTDOWN" on the DB as it exits, in order to have a clean DB file, and no redo logs, etc. This could be changed if necessary.

===Important tables===

Once you have the DB open, it is just SQL ;-)

The key table is the "conversations" table.

conversations.createTable.hsqldb=\
CREATE CACHED TABLE conversations (\
session_id INT NOT NULL, \
id INTEGER GENERATED BY DEFAULT AS IDENTITY\
(START WITH 1) PRIMARY KEY,\
source_id INT NOT NULL,\
request_date TIMESTAMP NOT NULL,\
request_method_id INT NOT NULL,\
request_uri_id INT NOT NULL,\
request_version_id INT NOT NULL,\
request_content_id CHAR(32),\
response_version_id INT NOT NULL,\
response_status CHAR(3) NOT NULL,\
response_message_id INT NOT NULL,\
response_content_id CHAR(32)\
)

This keeps a record of every conversation that WS-NG knows about. The
columns should be quite self-explanatory.

This table works in conjunction with the headers and named_values tables
to record the request and response headers, as well as the blobs table
to record the request and response content. The blobs table is indexed
by the MD5 sum of the content.

So it is quite easy to reconstruct a conversation by finding the entry
in the conversations table, getting the headers from the
headers/named_values tables, and the content from the blobs table. And
obviously, the other fields are indexed into appropriate tables
(method_id -> methods, uri_id -> uris, etc)

Comments on my normalization are welcome - it's been almost 15 years
since my databases class at university!

===Database schema changes===

Databases created by versions of WebScarab-NG before 20070118 will be incompatible with versions after that date. Certain table columns were renamed to make it easier to accommodate other databases, by avoiding keywords, etc.

If you have an early DB, and would like to regain access to it, you need to run the following script using the DatabaseManager as described above:

ALTER TABLE conversations ALTER COLUMN session RENAME TO session_id;
ALTER TABLE conversations ALTER COLUMN source RENAME TO source_id;
ALTER TABLE conversations ALTER COLUMN date RENAME TO request_date;
ALTER TABLE conversations ALTER COLUMN request_method RENAME TO request_method_id;
ALTER TABLE conversations ALTER COLUMN request_uri RENAME TO request_uri_id;
ALTER TABLE conversations ALTER COLUMN request_version RENAME TO request_version_id;
ALTER TABLE conversations ALTER COLUMN request_content_key RENAME TO request_content_id;
ALTER TABLE conversations ALTER COLUMN response_version RENAME TO response_version_id;
ALTER TABLE conversations ALTER COLUMN response_message RENAME TO response_message_id;
ALTER TABLE conversations ALTER COLUMN response_content_key RENAME TO response_content_id;
ALTER TABLE blobs ALTER COLUMN key RENAME TO id;
ALTER TABLE blobs ALTER COLUMN size RENAME TO blob_size;
ALTER TABLE blobs ALTER COLUMN blob RENAME TO blob_content;
ALTER TABLE headers ALTER COLUMN conversation RENAME TO conversation_id;

which will rename the columns for you.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab Project Roadmap

2011-01-23T17:23:40Z

Daniel Brzozowski: WebScarab NG category addded

The project's overall goal is to...

Provide a robust '''tool''' that assists the user to identify weaknesses in
HTTP(S) based applications.

In its simplest form, it provides an intercepting proxy that allows the user
to observe and manipulate requests sent to the server, and the responses
returned from the server.

In the near term, we are focused on the following tactical goals...

# migration from the current messy code base to a hopefully cleaner implementation, based on the Spring Framework and the Spring Rich Client platform. This will provide a database-backed archive, as well as a more user-friendly user interface, with input validation, and proper feedback
# reimplementing the current functionality of WebScarab in the "next generation" code

[[Category:OWASP WebScarab Project]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab NG Project

2011-01-22T23:09:03Z

Daniel Brzozowski: Updating project info - migrating to Google Code.

'''Welcome to the WebScarab (Next Generation) Project'''

WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

==New User Interface==

As mentioned above, the user interface has changed quite a lot from the old WebScarab. Apart from the new default Look&Feel (JGoodies), you will see that the conversation viewer has changed quite a lot. The old "Raw" view is still there, but the Parsed version has changed quite dramatically - for the better, I hope you'll agree!

The Parsed view now shows the request and response details in a tree form, rather than in individual text boxes. This makes the interface look a lot cleaner, and more importantly, is a lot more compact. It also makes it a lot easier to include features like automatically breaking out URL parameters, and multiple cookies into their own nodes, where it is a lot easier to view the individual parameters. We also show the request and the response next to each other, rather than one above the other, since most people seem to have more horizontal real-estate than vertical. The split between request and response can easily be adjusted by dragging, as can the split between the headers and the message content.

[[Image:WebScarab-NG-default.png]]

==Current status==

At this stage, WebScarab-NG primary feature is the intercepting proxy that allows the operator to observe and modify requests from a browser or other client passing through the proxy. A new feature is the Proxy Control Bar, which is implemented as a "stays on top" tool bar that floats above your browser or other thick client, and allows you to quickly enable or disable request intercepts. It also allows you to annotate or describe the requests as they pass through the proxy. If you type some text into the annotation field, that text will be linked to the next conversation that passes through the proxy, and can later be viewed as part of the conversation history. this can be very helpful to keep track of what you were doing in a multi-step procedure.

For example: Selecting a menu item, entering a value, submitting that value, etc. Often sites are built in such a way that they can result in dozens of conversations resulting from a single action. Annotating that conversation that initiated all the rest makes it very easy to identify them at a later stage.

[[Image:WebScarab-NG-proxy-control-bar.png]]

==Error feedback==

One of the neat features provided by the Spring Rich Client Platform is the ability to check that the inputs actually make sense, and to provide automated "as you type" feedback to the user.

For example, look at the "Intercept Request" window:

[[Image:WebScarab-NG-intercept-request-error.png]]

We can see that the user tried to change the method from "POST" to "PROST". WebScarab-NG has no idea how to execute a "PROST" method, and so provides an error message to inform the user. Additionally, the OK button is automatically disabled, until the error is corrected.

==Obtaining WebScarab-NG==

WebScarab-NG is distributed via Google Code, and can be obtained [https://code.google.com/p/webscarab-ng/downloads/list here].

After extraction of files user need to run following command:
java -jar WebScarab-ng-X.X.X.one-jar.jar
where X.X.X is downloaded version or use one of scripts (start.sh for Linux, start.bat for Windows).

==Technical information==

Technical information for those interested in digging into it can be found [[ OWASP WebScarab NG Project Technical Info | here]].

This page lists the [[OWASP_WebScarab_Differences_%28Classic_vs_NG%29 | differences between WebScarab Classic and WebScarab NG]], including a ToDo list of work still to be done on WebScarab NG.

==Tips & Tricks==

WebScarab NG already contains a lot of functionality but some of them are well hidden beneath the GUI and nowhere documented.
A list of such functions can be found in the [[OWASP_WebScarab_NG_Tips_&_Tricks|Tips & Tricks of WebScarab NG]] section.

==Bugs==

Any found bugs should be reported via [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page]. Such mechanism allows us to keep track of all found problems so we can WebScarab-NG better.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to post them on [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page] or send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP Download]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab NG Project

2011-01-22T23:04:38Z

Daniel Brzozowski: minor change

'''Welcome to the WebScarab (Next Generation) Project'''

WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

==New User Interface==

As mentioned above, the user interface has changed quite a lot from the old WebScarab. Apart from the new default Look&Feel (JGoodies), you will see that the conversation viewer has changed quite a lot. The old "Raw" view is still there, but the Parsed version has changed quite dramatically - for the better, I hope you'll agree!

The Parsed view now shows the request and response details in a tree form, rather than in individual text boxes. This makes the interface look a lot cleaner, and more importantly, is a lot more compact. It also makes it a lot easier to include features like automatically breaking out URL parameters, and multiple cookies into their own nodes, where it is a lot easier to view the individual parameters. We also show the request and the response next to each other, rather than one above the other, since most people seem to have more horizontal real-estate than vertical. The split between request and response can easily be adjusted by dragging, as can the split between the headers and the message content.

[[Image:WebScarab-NG-default.png]]

==Current status==

At this stage, WebScarab-NG primary feature is the intercepting proxy that allows the operator to observe and modify requests from a browser or other client passing through the proxy. A new feature is the Proxy Control Bar, which is implemented as a "stays on top" tool bar that floats above your browser or other thick client, and allows you to quickly enable or disable request intercepts. It also allows you to annotate or describe the requests as they pass through the proxy. If you type some text into the annotation field, that text will be linked to the next conversation that passes through the proxy, and can later be viewed as part of the conversation history. this can be very helpful to keep track of what you were doing in a multi-step procedure.

For example: Selecting a menu item, entering a value, submitting that value, etc. Often sites are built in such a way that they can result in dozens of conversations resulting from a single action. Annotating that conversation that initiated all the rest makes it very easy to identify them at a later stage.

[[Image:WebScarab-NG-proxy-control-bar.png]]

==Error feedback==

One of the neat features provided by the Spring Rich Client Platform is the ability to check that the inputs actually make sense, and to provide automated "as you type" feedback to the user.

For example, look at the "Intercept Request" window:

[[Image:WebScarab-NG-intercept-request-error.png]]

We can see that the user tried to change the method from "POST" to "PROST". WebScarab-NG has no idea how to execute a "PROST" method, and so provides an error message to inform the user. Additionally, the OK button is automatically disabled, until the error is corrected.

==Obtaining WebScarab-NG==

WebScarab-NG is distributed via Java WebStart, and can be obtained [http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp here].

A major benefit of using Java WebStart is that users will automatically receive new versions of WebScarab-Ng as they are made available, since WebStart checks to see if a new version is available each time it is run. Of course, if it is run with no access to the Internet, it will still run.

Note: there is an issue with signing the application and Java web start if you are using Java 1.6.
We are investigating the solution. In the meantime, you can still use WebScarab NG with an older
version of Java (without messing up your system).

"set PATH="c:\Program Files\Java\jdk1.5.0_06\bin" or whatever
"javaws http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp

Depending on demand, once WebScarab NG matures, it will also be made available for offline installation.

For information about what changes have been made, please see [http://dawes.za.net/gitweb.cgi?p=rogan/webscarab-ng/webscarab-ng.git;a=summary the GIT repository]

If you want to get a copy of the source, you can download a snapshot from the gitweb repository viewer. Alternatively, if you want to check out the repo using git, you can use the following command:

$ git clone http://dawes.za.net/rogan/webscarab-ng/webscarab-ng.git/

You can get any subsequent changes using:

$ git fetch origin

==Technical information==

Technical information for those interested in digging into it can be found [[ OWASP WebScarab NG Project Technical Info | here]].

This page lists the [[OWASP_WebScarab_Differences_%28Classic_vs_NG%29 | differences between WebScarab Classic and WebScarab NG]], including a ToDo list of work still to be done on WebScarab NG.

==Tips & Tricks==

WebScarab NG already contains a lot of functionality but some of them are well hidden beneath the GUI and nowhere documented.
A list of such functions can be found in the [[OWASP_WebScarab_NG_Tips_&_Tricks|Tips & Tricks of WebScarab NG]] section.

==Bugs==

Any found bugs should be reported via [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page]. Such mechanism allows us to keep track of all found problems so we can WebScarab-NG better.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to post them on [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code issues page] or send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP Download]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab NG Project

2011-01-22T23:03:05Z

Daniel Brzozowski: Updating project info - migrating to Google Code.

'''Welcome to the WebScarab (Next Generation) Project'''

WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

==New User Interface==

As mentioned above, the user interface has changed quite a lot from the old WebScarab. Apart from the new default Look&Feel (JGoodies), you will see that the conversation viewer has changed quite a lot. The old "Raw" view is still there, but the Parsed version has changed quite dramatically - for the better, I hope you'll agree!

The Parsed view now shows the request and response details in a tree form, rather than in individual text boxes. This makes the interface look a lot cleaner, and more importantly, is a lot more compact. It also makes it a lot easier to include features like automatically breaking out URL parameters, and multiple cookies into their own nodes, where it is a lot easier to view the individual parameters. We also show the request and the response next to each other, rather than one above the other, since most people seem to have more horizontal real-estate than vertical. The split between request and response can easily be adjusted by dragging, as can the split between the headers and the message content.

[[Image:WebScarab-NG-default.png]]

==Current status==

At this stage, WebScarab-NG primary feature is the intercepting proxy that allows the operator to observe and modify requests from a browser or other client passing through the proxy. A new feature is the Proxy Control Bar, which is implemented as a "stays on top" tool bar that floats above your browser or other thick client, and allows you to quickly enable or disable request intercepts. It also allows you to annotate or describe the requests as they pass through the proxy. If you type some text into the annotation field, that text will be linked to the next conversation that passes through the proxy, and can later be viewed as part of the conversation history. this can be very helpful to keep track of what you were doing in a multi-step procedure.

For example: Selecting a menu item, entering a value, submitting that value, etc. Often sites are built in such a way that they can result in dozens of conversations resulting from a single action. Annotating that conversation that initiated all the rest makes it very easy to identify them at a later stage.

[[Image:WebScarab-NG-proxy-control-bar.png]]

==Error feedback==

One of the neat features provided by the Spring Rich Client Platform is the ability to check that the inputs actually make sense, and to provide automated "as you type" feedback to the user.

For example, look at the "Intercept Request" window:

[[Image:WebScarab-NG-intercept-request-error.png]]

We can see that the user tried to change the method from "POST" to "PROST". WebScarab-NG has no idea how to execute a "PROST" method, and so provides an error message to inform the user. Additionally, the OK button is automatically disabled, until the error is corrected.

==Obtaining WebScarab-NG==

WebScarab-NG is distributed via Java WebStart, and can be obtained [http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp here].

A major benefit of using Java WebStart is that users will automatically receive new versions of WebScarab-Ng as they are made available, since WebStart checks to see if a new version is available each time it is run. Of course, if it is run with no access to the Internet, it will still run.

Note: there is an issue with signing the application and Java web start if you are using Java 1.6.
We are investigating the solution. In the meantime, you can still use WebScarab NG with an older
version of Java (without messing up your system).

"set PATH="c:\Program Files\Java\jdk1.5.0_06\bin" or whatever
"javaws http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp

Depending on demand, once WebScarab NG matures, it will also be made available for offline installation.

For information about what changes have been made, please see [http://dawes.za.net/gitweb.cgi?p=rogan/webscarab-ng/webscarab-ng.git;a=summary the GIT repository]

If you want to get a copy of the source, you can download a snapshot from the gitweb repository viewer. Alternatively, if you want to check out the repo using git, you can use the following command:

$ git clone http://dawes.za.net/rogan/webscarab-ng/webscarab-ng.git/

You can get any subsequent changes using:

$ git fetch origin

==Technical information==

Technical information for those interested in digging into it can be found [[ OWASP WebScarab NG Project Technical Info | here]].

This page lists the [[OWASP_WebScarab_Differences_%28Classic_vs_NG%29 | differences between WebScarab Classic and WebScarab NG]], including a ToDo list of work still to be done on WebScarab NG.

==Tips & Tricks==

WebScarab NG already contains a lot of functionality but some of them are well hidden beneath the GUI and nowhere documented.
A list of such functions can be found in the [[OWASP_WebScarab_NG_Tips_&_Tricks|Tips & Tricks of WebScarab NG]] section.

==Bugs==

Any found bugs should be reported via [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code on issues page]. Such mechanism allows us to keep track of all found problems so we can WebScarab-NG better.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to post them on [https://code.google.com/p/webscarab-ng/issues/list WebScarab NG Google Code on issues page] or send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP Download]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab Differences (Classic vs NG)

2011-01-22T22:49:51Z

Daniel Brzozowski:

'''This page is intended to document the differences between WebScarab Classic and WebScarab Next Generation'''

The objective is to list the major features that one has over the other, with the intent to track the porting of desirable features from Classic to NG.

==Framework functionality==

NG has no concept of the shared cookie jar, which is used in Classic to allow plugins such as the Spider and Manual Request plugins to use the most current cookies for a particular URL. This could/should be replaced by an Identity module, which can provide the most current identifiers for a particular identity (cookies, Basic auth, etc).

NG now also has the Transcoder functionality, implemented as a non-modal dialog. It is intended to also implement "right-click" menus to perform various transcoding operations "in-place" in arbitrary text fields.

==Plugins==

NG has significantly fewer plugins than Classic. The only plugins currently implemented in NG are the Proxy, Manual Request and WebServices plugins.

This leaves the following plugins to be implemented:

* Spider
* Extensions
* XSSCRLF
* SessionIDAnalysis
* Scripting
* Fragments
* Compare
* Search

=== Proxy ===
Features that remain to be ported:
* BeanShell scripts for programmatic modification of requests/responses
* Miscellaneous proxy plugins - Reveal hidden fields, prevent caching of responses
* Ability to modify Internet Explorer proxy settings automatically on startup and exit

=== Manual Request ===
Features that remain to be ported:
* Ability to convert a request from a GET to a POST or multipart POST, and vice versa.

=== WebServices ===
Partially completed. Currently it is sufficient to access the WebGoat web service.

Features that remain to be ported:
* Support for complex types (This functionality could easily be added if desired)

==HTTP Protocol support==

WebScarab-classic has support for authentication to servers using SSL client certificates (including those stored on a smart card), as well as using NTLM. NG does not currently support SSL client certificates at all. NTLM should be supported through the Apache HTTPClient library, but this has not been tested.

==Porting suggestions==

For people interested in contributing to this project by porting one of the above plugins, here are some suggestions:

* SessionID analysis
The current session id analysis plugin, while looking cool is actually very misleading. Anyone wanting to implement this feature for NG would be advised to take a look at Michal Zalewski's stompy to see how it can be done better.

* Search, Compare
These plugins are very clunky to use. It actually makes a lot more sense to make those features available as part of the primary interface, rather than relegating them to a backwater. Search should provide a simple interface where the operator can type some text and click Go, rather than having to write code.

==Execution==

WebScarab NG is distributed using the Maven onejar plugin, which packages all the required jars into a subdirectory of the "onejar", and provides a specialised classloader to allow Java to access the contents of those jars. To start WebScarab NG use following command in jar directory

java -jar WebScarab-ng-X.X.X.one-jar.jar
where X.X.X is downloaded version or use one of scripts (start.sh for Linux, start.bat for Windows) provided in WebScarab NG zip file (which can be found [https://code.google.com/p/webscarab-ng/downloads/list here]).

[[Category:OWASP WebScarab Project]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab Differences (Classic vs NG)

2011-01-22T22:47:45Z

Daniel Brzozowski: Updating for google code.

'''This page is intended to document the differences between WebScarab Classic and WebScarab Next Generation'''

The objective is to list the major features that one has over the other, with the intent to track the porting of desirable features from Classic to NG.

==Framework functionality==

NG has no concept of the shared cookie jar, which is used in Classic to allow plugins such as the Spider and Manual Request plugins to use the most current cookies for a particular URL. This could/should be replaced by an Identity module, which can provide the most current identifiers for a particular identity (cookies, Basic auth, etc).

NG now also has the Transcoder functionality, implemented as a non-modal dialog. It is intended to also implement "right-click" menus to perform various transcoding operations "in-place" in arbitrary text fields.

==Plugins==

NG has significantly fewer plugins than Classic. The only plugins currently implemented in NG are the Proxy, Manual Request and WebServices plugins.

This leaves the following plugins to be implemented:

* Spider
* Extensions
* XSSCRLF
* SessionIDAnalysis
* Scripting
* Fragments
* Compare
* Search

=== Proxy ===
Features that remain to be ported:
* BeanShell scripts for programmatic modification of requests/responses
* Miscellaneous proxy plugins - Reveal hidden fields, prevent caching of responses
* Ability to modify Internet Explorer proxy settings automatically on startup and exit

=== Manual Request ===
Features that remain to be ported:
* Ability to convert a request from a GET to a POST or multipart POST, and vice versa.

=== WebServices ===
Partially completed. Currently it is sufficient to access the WebGoat web service.

Features that remain to be ported:
* Support for complex types (This functionality could easily be added if desired)

==HTTP Protocol support==

WebScarab-classic has support for authentication to servers using SSL client certificates (including those stored on a smart card), as well as using NTLM. NG does not currently support SSL client certificates at all. NTLM should be supported through the Apache HTTPClient library, but this has not been tested.

==Porting suggestions==

For people interested in contributing to this project by porting one of the above plugins, here are some suggestions:

* SessionID analysis
The current session id analysis plugin, while looking cool is actually very misleading. Anyone wanting to implement this feature for NG would be advised to take a look at Michal Zalewski's stompy to see how it can be done better.

* Search, Compare
These plugins are very clunky to use. It actually makes a lot more sense to make those features available as part of the primary interface, rather than relegating them to a backwater. Search should provide a simple interface where the operator can type some text and click Go, rather than having to write code.

==Execution==

WebScarab NG is distributed using the Maven onejar plugin, which packages all the required jars into a subdirectory of the "onejar", and provides a specialised classloader to allow Java to access the contents of those jars. To start WebScarab NG use following command in jar directory

java -jar WebScarab-ng-X.X.X.one-jar.jar
where X.X.X is downloaded version or use one of scripts (start.sh for Linux, start.bat for Windows) provided in WebScarab zip file.

[[Category:OWASP WebScarab Project]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab Differences (Classic vs NG)

2011-01-22T22:38:37Z

Daniel Brzozowski:

'''This page is intended to document the differences between WebScarab Classic and WebScarab Next Generation'''

The objective is to list the major features that one has over the other, with the intent to track the porting of desirable features from Classic to NG.

==Framework functionality==

NG has no concept of the shared cookie jar, which is used in Classic to allow plugins such as the Spider and Manual Request plugins to use the most current cookies for a particular URL. This could/should be replaced by an Identity module, which can provide the most current identifiers for a particular identity (cookies, Basic auth, etc).

NG now also has the Transcoder functionality, implemented as a non-modal dialog. It is intended to also implement "right-click" menus to perform various transcoding operations "in-place" in arbitrary text fields.

==Plugins==

NG has significantly fewer plugins than Classic. The only plugins currently implemented in NG are the Proxy, Manual Request and WebServices plugins.

This leaves the following plugins to be implemented:

* Spider
* Extensions
* XSSCRLF
* SessionIDAnalysis
* Scripting
* Fragments
* Compare
* Search

=== Proxy ===
Features that remain to be ported:
* BeanShell scripts for programmatic modification of requests/responses
* Miscellaneous proxy plugins - Reveal hidden fields, prevent caching of responses
* Ability to modify Internet Explorer proxy settings automatically on startup and exit

=== Manual Request ===
Features that remain to be ported:
* Ability to convert a request from a GET to a POST or multipart POST, and vice versa.

=== WebServices ===
Partially completed. Currently it is sufficient to access the WebGoat web service.

Features that remain to be ported:
* Support for complex types (This functionality could easily be added if desired)

==HTTP Protocol support==

WebScarab-classic has support for authentication to servers using SSL client certificates (including those stored on a smart card), as well as using NTLM. NG does not currently support SSL client certificates at all. NTLM should be supported through the Apache HTTPClient library, but this has not been tested.

==Porting suggestions==

For people interested in contributing to this project by porting one of the above plugins, here are some suggestions:

* SessionID analysis
The current session id analysis plugin, while looking cool is actually very misleading. Anyone wanting to implement this feature for NG would be advised to take a look at Michal Zalewski's stompy to see how it can be done better.

* Search, Compare
These plugins are very clunky to use. It actually makes a lot more sense to make those features available as part of the primary interface, rather than relegating them to a backwater. Search should provide a simple interface where the operator can type some text and click Go, rather than having to write code.

==Execution==

WebScarab NG is currently only executable via Java WebStart, which is likely to pose a problem for certain folk. An alternate packaging has been created, using the Maven onejar plugin, which packages all the required jars into a subdirectory of the "onejar", and provides a specialised classloader to allow Java to access the contents of those jars.

[[Category:OWASP WebScarab Project]]
[[Category:OWASP WebScarab NG Project]]

OWASP WebScarab NG Project

2011-01-21T01:02:48Z

Daniel Brzozowski: Updating project leader.

'''Welcome to the WebScarab (Next Generation) Project'''

WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the [http://spring-rich-c.sourceforge.net/ Spring Rich Client Platform ] to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

==New User Interface==

As mentioned above, the user interface has changed quite a lot from the old WebScarab. Apart from the new default Look&Feel (JGoodies), you will see that the conversation viewer has changed quite a lot. The old "Raw" view is still there, but the Parsed version has changed quite dramatically - for the better, I hope you'll agree!

The Parsed view now shows the request and response details in a tree form, rather than in individual text boxes. This makes the interface look a lot cleaner, and more importantly, is a lot more compact. It also makes it a lot easier to include features like automatically breaking out URL parameters, and multiple cookies into their own nodes, where it is a lot easier to view the individual parameters. We also show the request and the response next to each other, rather than one above the other, since most people seem to have more horizontal real-estate than vertical. The split between request and response can easily be adjusted by dragging, as can the split between the headers and the message content.

[[Image:WebScarab-NG-default.png]]

==Current status==

At this stage, WebScarab-NG primary feature is the intercepting proxy that allows the operator to observe and modify requests from a browser or other client passing through the proxy. A new feature is the Proxy Control Bar, which is implemented as a "stays on top" tool bar that floats above your browser or other thick client, and allows you to quickly enable or disable request intercepts. It also allows you to annotate or describe the requests as they pass through the proxy. If you type some text into the annotation field, that text will be linked to the next conversation that passes through the proxy, and can later be viewed as part of the conversation history. this can be very helpful to keep track of what you were doing in a multi-step procedure.

For example: Selecting a menu item, entering a value, submitting that value, etc. Often sites are built in such a way that they can result in dozens of conversations resulting from a single action. Annotating that conversation that initiated all the rest makes it very easy to identify them at a later stage.

[[Image:WebScarab-NG-proxy-control-bar.png]]

==Error feedback==

One of the neat features provided by the Spring Rich Client Platform is the ability to check that the inputs actually make sense, and to provide automated "as you type" feedback to the user.

For example, look at the "Intercept Request" window:

[[Image:WebScarab-NG-intercept-request-error.png]]

We can see that the user tried to change the method from "POST" to "PROST". WebScarab-NG has no idea how to execute a "PROST" method, and so provides an error message to inform the user. Additionally, the OK button is automatically disabled, until the error is corrected.

==Obtaining WebScarab-NG==

WebScarab-NG is distributed via Java WebStart, and can be obtained [http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp here].

A major benefit of using Java WebStart is that users will automatically receive new versions of WebScarab-Ng as they are made available, since WebStart checks to see if a new version is available each time it is run. Of course, if it is run with no access to the Internet, it will still run.

Note: there is an issue with signing the application and Java web start if you are using Java 1.6.
We are investigating the solution. In the meantime, you can still use WebScarab NG with an older
version of Java (without messing up your system).

"set PATH="c:\Program Files\Java\jdk1.5.0_06\bin" or whatever
"javaws http://dawes.za.net/rogan/webscarab-ng/webstart/WebScarab-ng.jnlp

Depending on demand, once WebScarab NG matures, it will also be made available for offline installation.

For information about what changes have been made, please see [http://dawes.za.net/gitweb.cgi?p=rogan/webscarab-ng/webscarab-ng.git;a=summary the GIT repository]

If you want to get a copy of the source, you can download a snapshot from the gitweb repository viewer. Alternatively, if you want to check out the repo using git, you can use the following command:

$ git clone http://dawes.za.net/rogan/webscarab-ng/webscarab-ng.git/

You can get any subsequent changes using:

$ git fetch origin

==Technical information==

Technical information for those interested in digging into it can be found [[ OWASP WebScarab NG Project Technical Info | here]].

This page lists the [[OWASP_WebScarab_Differences_%28Classic_vs_NG%29 | differences between WebScarab Classic and WebScarab NG]], including a ToDo list of work still to be done on WebScarab NG.

==Tips & Tricks==

WebScarab NG already contains a lot of functionality but some of them are well hidden beneath the GUI and nowhere documented.
A list of such functions can be found in the [[OWASP_WebScarab_NG_Tips_&_Tricks|Tips & Tricks of WebScarab NG]] section.

==Feedback==

If you have any comments or suggestions for WebScarab-NG, please feel free to send them to the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP WebScarab mailing list]

Your feedback is much appreciated, and will be carefully considered for future releases of WebScarab-NG.

==Project Contributors==

The WebScarab-NG project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]].

[[Category:OWASP Download]]
[[Category:OWASP WebScarab NG Project]]

Category:OWASP WebScarab Project

2011-01-21T01:01:31Z

Daniel Brzozowski: Undo revision 101259 by Daniel Brzozowski (Talk) - wrong Project

{{OWASP Book|1416452}}

'''Welcome to the WebScarab Project'''

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

You may also be interested in testing the [[OWASP WebScarab NG Project | Next Generation of WebScarab]].

==Screenshots==

Here's the main window of WebScarab. Check the [[WebScarab Getting Started]] guide for more screenshots of WebScarab in action.

[[Image:WebScarab after browsing.png]]

==Overview==

There is no shiny red button on WebScarab, it is a tool primarily designed to be used by people who can write code themselves, or at least have a pretty good understanding of the HTTP protocol. If that sounds like you, welcome! Download WebScarab, sign up for the mailing list on the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP subscription page], and enjoy! You can read a [[WebScarab Tutorial | brief tutorial ]] to explain the basic workings.

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

==Download==

A ZIP containing an up to date build of the master branch of the [http://dawes.za.net/gitweb.cgi?p=webscarab.git webscarab git tree] can be found [http://dawes.za.net/rogan/webscarab/#current here]. This file is rebuilt whenever new commits are pushed to the repository, and will always be the most up to date build of WebScarab available.

A Mac OS X package of the latest version can usually be found on [http://research.corsaire.com/tools/ Corsaire's download page].

Historical Versions:

Alternatively, you can download older builds of WebScarab from the [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823 OWASP Source Code Center at Sourceforge]. Then install them likewise:
* Linux: <tt>java -jar ./webscarab-selfcontained-[numbers].jar</tt>
* Windows: double-click the installer jar file [http://www.acsac.org/2007/downloads/t5-webscarab-instructions.pdf (complete installation instructions)])

==Features==

A framework without any functions is worthless, of course, and so WebScarab provides a number of plugins, mainly aimed at the security functionality for the moment. Those plugins include:

* Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins

* Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.

* Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.

* Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.

* Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable.

* Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.

* Spider - identifies new URLs on the target site, and fetches them on command.

* Manual request - Allows editing and replay of previous requests, or creation of entirely new requests.

* SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.

* Scripted - operators can use BeanShell (or any other BSF supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.

* Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.

* Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.

* Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is "the number of edits required to transform one document into another". For performance reasons, edits are calculated using word tokens, rather than byte by byte.

* SOAP - There is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. '''NOTE''': This plugin is deprecated, and may be removed in the future. [http://www.soapui.org SOAPUI] is streets beyond anything that Webscarab can do, or will ever do, and is also a free tool.

* Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user.

* XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.

==Training Material==

Aung Khant (YGN Ethical Hacker Group, Myanmar) has created a series of WebScarab movies which can be found [http://yehg.net/lab/pr0js/training/webscarab.php here].

There are slides of the presentation "Uncovering Webscarab's Hidden Treasures", given at the OWASP EU Summit 2008, available [https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt here].

==Future development==

Features will probably include:

* Combining the Search and Compare plugins, so that you can compare only specific responses

* Improving the fuzzer, adding ability to follow redirects, or to specify the number of threads to use. Also, adding the ability to define what is (or isn't) interesting in the fuzz results, and save only interesting conversations to the summary.

==Extensibility==

As a framework, WebScarab is extensible. Each feature above is implemented as a plugin, and can be removed or replaced. New features can be easily implemented as well. The sky is the limit! If you have a great idea for a plugin, please let us know about it on the list.

==Project Contributors==

The WebScarab project is run by Rogan Dawes of Corsaire Security. He can be contacted at rogan AT dawes.za.net

[[Category:OWASP Project|WebScarab Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Release Quality Tool]]

Category:OWASP WebScarab Project

2011-01-21T01:00:10Z

Daniel Brzozowski: Updating project leader.

{{OWASP Book|1416452}}

'''Welcome to the WebScarab Project'''

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

You may also be interested in testing the [[OWASP WebScarab NG Project | Next Generation of WebScarab]].

==Screenshots==

Here's the main window of WebScarab. Check the [[WebScarab Getting Started]] guide for more screenshots of WebScarab in action.

[[Image:WebScarab after browsing.png]]

==Overview==

There is no shiny red button on WebScarab, it is a tool primarily designed to be used by people who can write code themselves, or at least have a pretty good understanding of the HTTP protocol. If that sounds like you, welcome! Download WebScarab, sign up for the mailing list on the [http://lists.owasp.org/mailman/listinfo/owasp-webscarab OWASP subscription page], and enjoy! You can read a [[WebScarab Tutorial | brief tutorial ]] to explain the basic workings.

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

==Download==

A ZIP containing an up to date build of the master branch of the [http://dawes.za.net/gitweb.cgi?p=webscarab.git webscarab git tree] can be found [http://dawes.za.net/rogan/webscarab/#current here]. This file is rebuilt whenever new commits are pushed to the repository, and will always be the most up to date build of WebScarab available.

A Mac OS X package of the latest version can usually be found on [http://research.corsaire.com/tools/ Corsaire's download page].

Historical Versions:

Alternatively, you can download older builds of WebScarab from the [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823 OWASP Source Code Center at Sourceforge]. Then install them likewise:
* Linux: <tt>java -jar ./webscarab-selfcontained-[numbers].jar</tt>
* Windows: double-click the installer jar file [http://www.acsac.org/2007/downloads/t5-webscarab-instructions.pdf (complete installation instructions)])

==Features==

A framework without any functions is worthless, of course, and so WebScarab provides a number of plugins, mainly aimed at the security functionality for the moment. Those plugins include:

* Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins

* Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.

* Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.

* Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.

* Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable.

* Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.

* Spider - identifies new URLs on the target site, and fetches them on command.

* Manual request - Allows editing and replay of previous requests, or creation of entirely new requests.

* SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.

* Scripted - operators can use BeanShell (or any other BSF supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.

* Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.

* Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.

* Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is "the number of edits required to transform one document into another". For performance reasons, edits are calculated using word tokens, rather than byte by byte.

* SOAP - There is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. '''NOTE''': This plugin is deprecated, and may be removed in the future. [http://www.soapui.org SOAPUI] is streets beyond anything that Webscarab can do, or will ever do, and is also a free tool.

* Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user.

* XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.

==Training Material==

Aung Khant (YGN Ethical Hacker Group, Myanmar) has created a series of WebScarab movies which can be found [http://yehg.net/lab/pr0js/training/webscarab.php here].

There are slides of the presentation "Uncovering Webscarab's Hidden Treasures", given at the OWASP EU Summit 2008, available [https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt here].

==Future development==

Features will probably include:

* Combining the Search and Compare plugins, so that you can compare only specific responses

* Improving the fuzzer, adding ability to follow redirects, or to specify the number of threads to use. Also, adding the ability to define what is (or isn't) interesting in the fuzz results, and save only interesting conversations to the summary.

==Extensibility==

As a framework, WebScarab is extensible. Each feature above is implemented as a plugin, and can be removed or replaced. New features can be easily implemented as well. The sky is the limit! If you have a great idea for a plugin, please let us know about it on the list.

==Project Contributors==

The WebScarab project is run by Daniel Brzozowski. He can be contacted at [[File:Db.png]]

[[Category:OWASP Project|WebScarab Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
[[Category:OWASP Release Quality Tool]]

File:Db.png

2011-01-21T00:57:39Z

Daniel Brzozowski: uploaded a new version of "File:Db.png": Daniel Brzozowski address

Daniel Brzozowski

File:Db.png

2011-01-21T00:54:27Z

Daniel Brzozowski: Daniel Brzozowski

Daniel Brzozowski

Summit 2011 Attendee/Attendee122

2011-01-19T11:08:17Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership =
| Conference Co-Leadership =
| Projected Funding Cost =
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP WebScarab NG, OWASP .NET Project, OWASP Trainings
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-18T23:55:53Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership = London
| Chapter Co-Leadership =
| Conference Co-Leadership =
| Projected Funding Cost =
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP WebScarab NG, OWASP .NET Project, OWASP Trainings
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-18T23:55:23Z

Daniel Brzozowski:

Summit 2011 Attendee/Attendee122

2011-01-12T14:33:14Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-

| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP WebScarab NG, OWASP .NET Project, OWASP Trainings
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-12T02:14:39Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-

| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = Involved in WebScarab NG, which has strong predispositions to be one of #1 pentools. Talks as an individual during conferences and extensive part of these talks was about OWASP and it's mission. Ideas and energy for projects that require it like .NET Project.
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-12T02:13:38Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-

| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = Involved in WebScarab NG, which has strong predispositions to be one of #1 pentools. Talks as an individual during conferences and extensive part of these talks was about OWASP and it's mission. Ideas and energy for projects that require more energy like .NET Project.
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-12T02:11:30Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-

| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = involved WebScarab NG, which has strong predispositions to be one of #1 pentools. Talks as an individual during TestWarez 2010 in Bydgoszcz, Poland and TestExpo 2010 in London, UK and extensive part of these talks was about OWASP and its mission. There are few projects that require more energy like .NET Project and I could help resurrect them.
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-12T02:08:19Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-

| summit_attendee_current_owasp_involvement_name1 = OWASP WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
| summit_attendee_current_owasp_involvement_name2 = OWASP .NET Project
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Category:OWASP_.NET_Project
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Training
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = OWASP Secure Coding Workshop Track
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 = OWASP WebScarab NG
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 = OWASP .NET Project
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = I'm currently involved in WebScarab NG, which I believe has strong predispositions to be one of #1 pentools. What's more a gave talks as an individual during TestWarez 2010 in Bydgoszcz, Poland and TestExpo 2010 in London, UK and extensive part of these talks was about OWASP and its mission. There are few projects that require more energy like .NET Project and I could help resurrect them.
|-
| status = Confirmed, needs funding.
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-11T23:58:38Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = .NET Project
| Project Contribution (more than 6 months old) = WebScarab NG
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-
| summit_attendee_current_owasp_involvement_name1 = WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 =
| summit_attendee_current_owasp_involvement_name2 = .NET Project
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = WebScarab NG
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = .NET Project
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 = O2 Platform
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status = Confirmed, needs funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-11T23:54:48Z

Daniel Brzozowski:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = WebScarab NG
| Project Contribution (more than 6 months old) =
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership = Indonesia
| Conference Co-Leadership =
| Projected Funding Cost =
|-
| summit_attendee_current_owasp_involvement_name1 = WebScarab NG
| summit_attendee_current_owasp_involvement_url_1 =
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 =
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status = Confirmed, needs funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}

Summit 2011 Attendee/Attendee122

2011-01-11T23:49:04Z

Daniel Brzozowski:

{{Template:<img _fck_mw_includeonly="true" _fckrealelement="3" _fckfakelement="true" src="http://www.owasp.org/extensions/FCKeditor/fckeditor/editor/images/spacer.gif" class="FCK__MWIncludeonly"><img _fck_mw_noinclude="true" _fckrealelement="2" _fckfakelement="true" src="http://www.owasp.org/extensions/FCKeditor/fckeditor/editor/images/spacer.gif" class="FCK__MWNoinclude">
|-
| summit_attendee_name1 = Daniel Brzozowski
| summit_attendee_email1 = daniel@brzozowski.biz
| summit_attendee_wiki_username1 = Daniel Brzozowski
|-
| summit_attendee_company =
|-
| Project Leadership (less than 6 months old) =
| Project Leadership (more than 6 months old) =
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = WebScarab NG
| Project Contribution (more than 6 months old) =
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership =
| Conference Co-Leadership =
| Projected Funding Cost = 900
|-
| summit_attendee_current_owasp_involvement_name1 =
| summit_attendee_current_owasp_involvement_url_1 =
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 =
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status =
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee122
| attendee_home_page =  Summit_2011_Attendee/Attendee122
}}