https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=LeocavallariOWASP - User contributions [en]2026-04-20T18:10:39ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=User:Leocavallari&diff=88130User:Leocavallari2010-08-27T22:50:25Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [http://www.linkedin.com/in/leocavallari Profile], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].<br />
<br />
'''Short Bio:'''<br />
<br />
Leonardo Cavallari has a Msc. degree on Network Security from University of Sao Paulo, SANS GIAC, specialist on IT security and member of the GPC - Global Committee Projects. He develop projects on information security for more than 10 years, focused on pentest, review of application security controls, IT infraestructure review and implementation consulting.<br><br />
<br />
In his journey, he did network and application pen-tests for major financial institutions in Brazil, including Unibanco, Itaú, Santander, CIP/CETIP, among others.<br><br />
He is founder of [http://www.ibliss.com.br | iBLISS Security & Intelligence]<br />
<br />
'''Resumo:'''<br />
<br />
Leonardo Cavallari, mestre em engenharia pela USP, certificado SANS GIAC, especialista em segurança da informação e membro do Comitê Global de Projetos da OWASP, realiza projetos em segurança da informação há mais de 10 anos, focado em testes de invasão, revisão de controles de aplicação, revisão de TI e consultoria de implementação.<br><br />
<br />
Em sua trajetório, realizou projetos de teste de invasão de rede e aplicações junto às maiores instituições financeiras do país, como Unibanco, Itaú, Santander, CIP/CETIP, entre outras.<br><br />
É sócio-fundador da [http://www.ibliss.com.br | iBLISS Segurança & Inteligência], consultoria focada em Segurança de TI.</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=88129User:Leocavallari2010-08-27T22:50:02Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [http://www.linkedin.com/in/leocavallari Profile], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].<br />
<br />
'''Short Bio:'''<br />
<br />
Leonardo Cavallari has a Msc. degree on Network Security from University of Sao Paulo, SANS GIAC, specialist on IT security and member of the GPC - Global Committee Projects. He develop projects on information security for more than 10 years, focused on pentest, review of application security controls, IT infraestructure review and implementation consulting.<br><br />
<br />
In his journey, he did network and application pen-tests for major financial institutions in Brazil, including Unibanco, Itaú, Santander, CIP/CETIP, among others.<br><br />
He is founder of [http://www.ibliss.com.br | iBLISS Security & Intelligence]<br />
<br />
'''Resumo:'''<br />
Leonardo Cavallari, mestre em engenharia pela USP, certificado SANS GIAC, especialista em segurança da informação e membro do Comitê Global de Projetos da OWASP, realiza projetos em segurança da informação há mais de 10 anos, focado em testes de invasão, revisão de controles de aplicação, revisão de TI e consultoria de implementação.<br><br />
<br />
Em sua trajetório, realizou projetos de teste de invasão de rede e aplicações junto às maiores instituições financeiras do país, como Unibanco, Itaú, Santander, CIP/CETIP, entre outras.<br><br />
É sócio-fundador da [http://www.ibliss.com.br | iBLISS Segurança & Inteligência], consultoria focada em Segurança de TI.</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=88128User:Leocavallari2010-08-27T22:49:10Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [http://www.linkedin.com/in/leocavallari Profile], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].<br />
<br />
Short Bio:<br />
Leonardo Cavallari has a Msc. degree on Network Security from University of Sao Paulo, SANS GIAC, specialist on IT security and member of the GPC - Global Committee Projects. He develop projects on information security for more than 10 years, focused on pentest, review of application security controls, IT infraestructure review and implementation consulting.<br />
<br />
In his journey, he did network and application pen-tests for major financial institutions in Brazil, including Unibanco, Itaú, Santander, CIP/CETIP, among others.<br />
He is founder of [http://www.ibliss.com.br | iBLISS Security & Intelligence]<br />
<br />
Resumo:<br />
Leonardo Cavallari, mestre em engenharia pela USP, certificado SANS GIAC, especialista em segurança da informação e membro do Comitê Global de Projetos da OWASP, realiza projetos em segurança da informação há mais de 10 anos, focado em testes de invasão, revisão de controles de aplicação, revisão de TI e consultoria de implementação.<br />
<br />
Em sua trajetório, realizou projetos de teste de invasão de rede e aplicações junto às maiores instituições financeiras do país, como Unibanco, Itaú, Santander, CIP/CETIP, entre outras.<br />
É sócio-fundador da [http://www.ibliss.com.br | iBLISS Segurança & Inteligência], consultoria focada em Segurança de TI.</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Project_Information:template_ASDR_Project&diff=88127Project Information:template ASDR Project2010-08-27T22:36:32Z<p>Leocavallari: </p>
<hr />
<div>----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br />
| colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Application Security Desk Reference (ASDR) Project''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description''' <br />
| colspan="7" style="width:85%; background:#cccccc" align="left"|This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''<br />
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Leocavallari|'''Leonardo Cavallari Militelli''']] <br />
| style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if any)<br />
| style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-asdr-project '''Subscribe here''']<br />
| style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br />
| style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Alpha Status Projects|'''Documentation''']]<br />
| style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]<br>[http://www.ibliss.com.br '''iBLISS Segurança&Inteligência'''] <br />
|}<br />
{| style="width:100%" border="0" align="center" <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status''' <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''<br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' <br />
|-<br />
| style="width:29%; background:#cccccc" align="center"|<br />
'''[[:Category:OWASP_Project_Assessment#Alpha_Quality_Documentation_Criteria|Alpha Quality]]'''<br>[[:OWASP ASDR Project - Assessment Frame|Please see here for complete information.]]<br />
| style="width:42%; background:#cccccc" align="center"|<br />
[[:OWASP ASDR Workplan|OWASP ASDR Workplan]]<br><br />
[[:OWASP Honeycomb Project Roadmap|Old Honeycomb Roadmap]]<br><br />
| style="width:29%; background:#cccccc" align="center"|<br />
[[:Category:OWASP Honeycomb Project|OWASP Honeycomb Project]]<br>[http://cve.mitre.org/cwe/about/index.html Common Weakness Enumeration (CWE)]<br>[http://samate.nist.gov/index.php/Main_Page Software Assurance Metrics and Tool Evaluation (SAMATE)] <br />
|}<br />
----</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_ModSecurity_2.0.6_-_Assessment&diff=87947Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.6 - Assessment2010-08-25T00:57:09Z<p>Leocavallari: /* Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 */</p>
<hr />
<div><small>[[:Category:OWASP ModSecurity Core Rule Set Project|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[[User:Rcbarnett|Ryan Barnett]]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= (answer #1) <br />
1. have an up to date project template with current project information? - YES<br />
2. have a conference style presentation that describes the tool/document in at least 3 slides? - YES<br />
3. have a one sheet overview document about the project? - NO<br />
4. have a link to a working mail list? - YES<br />
5. have a statement of the application security issue the project addresses? - YES<br />
6. have a project roadmap? - YES<br />
7. project leaders and main contributors have a wiki account (with its user page containing contact details about the user and if possible his CV) - YES<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= (answer #2) <br />
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= (answer #3)<br />
http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/<br />
<br />
| 4. Is there working code? <br />
= (answer #4)<br />
http://sourceforge.net/projects/mod-security/files/modsecurity-crs/<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= (answer #5)<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_Roadmap<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= (answer #6)<br />
YES<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= (answer #7)<br />
Not applicable. CRS is not a standalone project that can be installed with an installer.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= (answer #8)<br />
YES<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Documentation<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= (answer #9)<br />
YES - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Project_Details<br />
<br />
# Project Name - ModSecurity Core Rule Set (CRS)<br />
# Short Description - The Core Rule Set (CRS) provides critical protections against web attacks. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, <br />
the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, <br />
which are in most cases custom coded. <br />
# Project Release Lead and contact information (e.g. email address) - Ryan Barnett ryan.barnett@breach.com<br />
# Project Release Contributors (if any) - Brian Rectanus<br />
# Project Release License - GNU General Public License - Version 2.0<br />
# Project Release Sponsors (if any) - Breach Security Labs<br />
# Release status and date assessed as Month-Year (e.g. March 2009) - Not Yet Reviewed by OWASP. An important point to consider is that the CRS is not the typical OWASP project. Most projects start out as ideas, then move to documentation<br />
and eventually working code. The CRS is in the opposite position in that Breach Security Labs developed these rules over the past 3-4 years. So, we brought a project with<br />
fully working code that is running on thousands of web servers. The code itself is well tested. What was lacking was documentation which as since been updated.<br />
# Link to OWASP Project Page - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= (answer #10)<br />
Not applicable, as no building is needed.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= (answer #11)<br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= (answer #12)<br />
YES<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= (answer #13) <br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= (answer #14)<br />
Not applicable, as no building is needed.<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= (answer #15)<br />
YES - JIRA Ticket System:<br />
https://www.modsecurity.org/tracker/browse/CORERULES <br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= (answer #15)<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Ivanr|Ivan Ristic]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Not applicable. ModSecurity rules cannot be installed with an installer.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Not applicable. The rules do use the SecComponentSignature to identify themselves, which is the closest thing to having an “About box” in these circumstances.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= Not applicable. Building is not necessary as the rules are evaluated at runtime.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes.<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Not applicable. No building is necessary.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= The bug tracking system is very much usable. JIRA is pretty much the best tracking system available. It is hosted elsewhere, but that’s a big plus in this case (because the code is hosted at SourceForge, and its tracking systems are all bad.)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes. The Core Rules are a substantial piece of work that provides significant security qualities. Nothing similar is available elsewhere. It’s easily the best rule set there is.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= I don’t believe anything else is required for a stable release. Of course, the rules can be improved, but that’s a matter of new research.<br />
There are two areas in which I would like to see improvement:<br />
• More involvement from the community. For the rules to flourish, there must be a sustained community involvement. Ryan is already very clear about leading the project into this direction (as demonstrated by his messages on the mailing list).<br />
• Transparency. This is always a difficult goal to achieve with WAF rules. I would like to see clear justification of every rule in the set, explanation of the attack it was designed to handle, and explanation of the way in which it works.<br />
In talking to Ryan, it is clear that there already are activities under way to address both of the above points.<br />
<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = There's no need for an installer, just to unpack the package in proper directory. It could have a more detailed explanation about this process on Installation page.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes, except by installation procedure. Although the project is about a rule set that only needs to be unpacked, I missed Mod Security installation and basic configuration procedures or, at least, relevant links that point to it, since the project by itself makes no sense without a running Mod Security installation.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes. Users can find latest improvements into CHANGELOG and README files.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= There`s no need for this information. <br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes, there's no need to operate it, since it runs as an Apache module. The logs are reported in a format that could be more comprehensive and easy to parse/read without a proprietary solution.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Yes. The process is based on extract and copy files to proper directory.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes. It uses the well know JIRA.<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= Yes, not related to CRS by itself, but to Mod Security. It was impossible to coexist Mod Security with 2 of 5 real world applications I tested during my review, even with specific configurations.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, it a very comprehensive rules set to detect/block webapp attacks.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= No, nothing is missing. The Core Rules Set is very mature and easy to use.<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_ModSecurity_2.0.6_-_Assessment&diff=87946Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.6 - Assessment2010-08-25T00:50:09Z<p>Leocavallari: /* Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 */</p>
<hr />
<div><small>[[:Category:OWASP ModSecurity Core Rule Set Project|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[[User:Rcbarnett|Ryan Barnett]]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= (answer #1) <br />
1. have an up to date project template with current project information? - YES<br />
2. have a conference style presentation that describes the tool/document in at least 3 slides? - YES<br />
3. have a one sheet overview document about the project? - NO<br />
4. have a link to a working mail list? - YES<br />
5. have a statement of the application security issue the project addresses? - YES<br />
6. have a project roadmap? - YES<br />
7. project leaders and main contributors have a wiki account (with its user page containing contact details about the user and if possible his CV) - YES<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= (answer #2) <br />
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= (answer #3)<br />
http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/<br />
<br />
| 4. Is there working code? <br />
= (answer #4)<br />
http://sourceforge.net/projects/mod-security/files/modsecurity-crs/<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= (answer #5)<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_Roadmap<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= (answer #6)<br />
YES<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= (answer #7)<br />
Not applicable. CRS is not a standalone project that can be installed with an installer.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= (answer #8)<br />
YES<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Documentation<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= (answer #9)<br />
YES - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Project_Details<br />
<br />
# Project Name - ModSecurity Core Rule Set (CRS)<br />
# Short Description - The Core Rule Set (CRS) provides critical protections against web attacks. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, <br />
the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, <br />
which are in most cases custom coded. <br />
# Project Release Lead and contact information (e.g. email address) - Ryan Barnett ryan.barnett@breach.com<br />
# Project Release Contributors (if any) - Brian Rectanus<br />
# Project Release License - GNU General Public License - Version 2.0<br />
# Project Release Sponsors (if any) - Breach Security Labs<br />
# Release status and date assessed as Month-Year (e.g. March 2009) - Not Yet Reviewed by OWASP. An important point to consider is that the CRS is not the typical OWASP project. Most projects start out as ideas, then move to documentation<br />
and eventually working code. The CRS is in the opposite position in that Breach Security Labs developed these rules over the past 3-4 years. So, we brought a project with<br />
fully working code that is running on thousands of web servers. The code itself is well tested. What was lacking was documentation which as since been updated.<br />
# Link to OWASP Project Page - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= (answer #10)<br />
Not applicable, as no building is needed.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= (answer #11)<br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= (answer #12)<br />
YES<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= (answer #13) <br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= (answer #14)<br />
Not applicable, as no building is needed.<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= (answer #15)<br />
YES - JIRA Ticket System:<br />
https://www.modsecurity.org/tracker/browse/CORERULES <br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= (answer #15)<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Ivanr|Ivan Ristic]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Not applicable. ModSecurity rules cannot be installed with an installer.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Not applicable. The rules do use the SecComponentSignature to identify themselves, which is the closest thing to having an “About box” in these circumstances.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= Not applicable. Building is not necessary as the rules are evaluated at runtime.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes.<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Not applicable. No building is necessary.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= The bug tracking system is very much usable. JIRA is pretty much the best tracking system available. It is hosted elsewhere, but that’s a big plus in this case (because the code is hosted at SourceForge, and its tracking systems are all bad.)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes. The Core Rules are a substantial piece of work that provides significant security qualities. Nothing similar is available elsewhere. It’s easily the best rule set there is.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= I don’t believe anything else is required for a stable release. Of course, the rules can be improved, but that’s a matter of new research.<br />
There are two areas in which I would like to see improvement:<br />
• More involvement from the community. For the rules to flourish, there must be a sustained community involvement. Ryan is already very clear about leading the project into this direction (as demonstrated by his messages on the mailing list).<br />
• Transparency. This is always a difficult goal to achieve with WAF rules. I would like to see clear justification of every rule in the set, explanation of the attack it was designed to handle, and explanation of the way in which it works.<br />
In talking to Ryan, it is clear that there already are activities under way to address both of the above points.<br />
<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = There's no need for an installer, just to unpack the package in proper directory. It could have a more detailed explanation about this process on Installation page.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes, except by installation procedure. Although the project is about a rule set that only needs to be unpacked, I missed Mod Security installation and basic configuration procedures or, at least, relevant links that point to it, since the project by itself makes no sense without a running Mod Security installation.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes. Users can find latest improvements into CHANGELOG and README files.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= There`s no need for this information. <br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes, there's no need to operate it, since it runs as an Apache module. The logs are reported in a format that could be more comprehensive and easy to parse/read.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Yes. The process is based on extract and copy files to proper directory.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes. It uses the well know JIRA.<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= Yes, not related to CRS by itself, but to Mod Security. It was impossible to coexist Mod Security with 2 of 5 real world applications I tested during my review.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, it a very comprehensive rules set to detect/block webapp attacks.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= No, nothing is missing. The Core Rules Set is very mature and easy to use.<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_ModSecurity_2.0.6_-_Assessment&diff=87945Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.6 - Assessment2010-08-25T00:44:11Z<p>Leocavallari: </p>
<hr />
<div><small>[[:Category:OWASP ModSecurity Core Rule Set Project|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[[User:Rcbarnett|Ryan Barnett]]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= (answer #1) <br />
1. have an up to date project template with current project information? - YES<br />
2. have a conference style presentation that describes the tool/document in at least 3 slides? - YES<br />
3. have a one sheet overview document about the project? - NO<br />
4. have a link to a working mail list? - YES<br />
5. have a statement of the application security issue the project addresses? - YES<br />
6. have a project roadmap? - YES<br />
7. project leaders and main contributors have a wiki account (with its user page containing contact details about the user and if possible his CV) - YES<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= (answer #2) <br />
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= (answer #3)<br />
http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/<br />
<br />
| 4. Is there working code? <br />
= (answer #4)<br />
http://sourceforge.net/projects/mod-security/files/modsecurity-crs/<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= (answer #5)<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_Roadmap<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= (answer #6)<br />
YES<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= (answer #7)<br />
Not applicable. CRS is not a standalone project that can be installed with an installer.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= (answer #8)<br />
YES<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Documentation<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= (answer #9)<br />
YES - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Project_Details<br />
<br />
# Project Name - ModSecurity Core Rule Set (CRS)<br />
# Short Description - The Core Rule Set (CRS) provides critical protections against web attacks. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, <br />
the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, <br />
which are in most cases custom coded. <br />
# Project Release Lead and contact information (e.g. email address) - Ryan Barnett ryan.barnett@breach.com<br />
# Project Release Contributors (if any) - Brian Rectanus<br />
# Project Release License - GNU General Public License - Version 2.0<br />
# Project Release Sponsors (if any) - Breach Security Labs<br />
# Release status and date assessed as Month-Year (e.g. March 2009) - Not Yet Reviewed by OWASP. An important point to consider is that the CRS is not the typical OWASP project. Most projects start out as ideas, then move to documentation<br />
and eventually working code. The CRS is in the opposite position in that Breach Security Labs developed these rules over the past 3-4 years. So, we brought a project with<br />
fully working code that is running on thousands of web servers. The code itself is well tested. What was lacking was documentation which as since been updated.<br />
# Link to OWASP Project Page - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= (answer #10)<br />
Not applicable, as no building is needed.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= (answer #11)<br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= (answer #12)<br />
YES<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= (answer #13) <br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= (answer #14)<br />
Not applicable, as no building is needed.<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= (answer #15)<br />
YES - JIRA Ticket System:<br />
https://www.modsecurity.org/tracker/browse/CORERULES <br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= (answer #15)<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Ivanr|Ivan Ristic]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Not applicable. ModSecurity rules cannot be installed with an installer.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Not applicable. The rules do use the SecComponentSignature to identify themselves, which is the closest thing to having an “About box” in these circumstances.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= Not applicable. Building is not necessary as the rules are evaluated at runtime.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes.<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Not applicable. No building is necessary.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= The bug tracking system is very much usable. JIRA is pretty much the best tracking system available. It is hosted elsewhere, but that’s a big plus in this case (because the code is hosted at SourceForge, and its tracking systems are all bad.)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes. The Core Rules are a substantial piece of work that provides significant security qualities. Nothing similar is available elsewhere. It’s easily the best rule set there is.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= I don’t believe anything else is required for a stable release. Of course, the rules can be improved, but that’s a matter of new research.<br />
There are two areas in which I would like to see improvement:<br />
• More involvement from the community. For the rules to flourish, there must be a sustained community involvement. Ryan is already very clear about leading the project into this direction (as demonstrated by his messages on the mailing list).<br />
• Transparency. This is always a difficult goal to achieve with WAF rules. I would like to see clear justification of every rule in the set, explanation of the attack it was designed to handle, and explanation of the way in which it works.<br />
In talking to Ryan, it is clear that there already are activities under way to address both of the above points.<br />
<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = There's no need for an installer, just to unpack the package in proper directory. It could have a more detailed explanation about this process on Installation page.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes, except by installation procedure. Although the project is about a rule set that only needs to be unpacked, I missed Mod Security installation and basic configuration procedures or, at least, relevant links that point to it, since the project by itself makes no sense without a running Mod Security installation.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes. Users can find latest improvements into CHANGELOG and README files.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= There`s no need for this information. <br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes, there's no need to operate it, since it runs as an Apache module. The logs are reported in a format that could be more comprehensive and easy to parse/read.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Yes. The process is based on extract and copy files to proper directory.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes. It uses the well know JIRA.<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, it a very comprehensive rules set to detect/block webapp attacks.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= No, nothing is missing. The Core Rules Set is very mature and easy to use. <br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=AppSec_Brasil_2010_(pt-br)&diff=87869AppSec Brasil 2010 (pt-br)2010-08-23T13:04:46Z<p>Leocavallari: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:LogoAppSecBrazil.002.jpg|center]] <br />
<br />
'''The English version is [[AppSec Brasil 2010|here]]''' <br />
<br />
= OWASP AppSec Brasil 2010 =<br />
<br />
A segunda edição da versão brasileira da série de conferências mais importante da OWASP ocorrerá em Campinas, SP. A conferência terá dois dias de treinamentos, seguidos de dois dias de conferência em trilha única. <br />
<center><br />
[[Image:AppSec Brasil 2010 Campinas.jpg|500px]] <br />
</center> <br />
== Datas Importantes ==<br />
<br />
A Conferência ocorrerá entre 16 e 19 de novembro de 2010. Os primeiros dois dias serão dedicados aos treinamentos. As plenárias ocorrerão em 18 e 19 de novembro de 2010. <br />
<br />
<center>'''<span style="color: rgb(255, 0, 0); font-size: 14pt"> A data final de apresentação de propostas foi adiada para 23/09 </span>''' </center><br />
<br />
<br />
<br />
<br> <!-- Header --> <br />
<br />
==== Sobre ====<br />
<br />
== Sobre a Conferência ==<br />
<br />
Dando prosseguimento ao sucesso da primeira AppSec Brasil, que ocorreu em Brasília em 2009, o Capítulo brasileiro do OWASP irá promover a segunda edição em 2010, na cidade de Campinas, a cerca de 90 km de São Paulo <br />
<br />
Campinas é a terceira maior cidade do estado de São Paulo (e a maior fora da área metropolitana da Capital) e é um importante polo econômico, abrigando universidades e centros de pesquisa de renome internacional. A cidade também concentra muitas indústrias de alta tecnologia, incluindo multi-nacionais dos ramos de eletrônicos, telecomunicações e quimicos. <br />
<br />
Este ano, esperamos reunir um número expressivo de profissionais e pesquisadores brasileiros e latino-americanos para compartilharem informações sobre o estado-da-arte da segurança de aplicações. <br />
<br />
==== Chamadas de trabalhos ====<br />
<pre>**PRORROGAÇÃO DE PRAZO PARA SUBMISSÕES - 23 de agosto**<br />
**APPSEC BRASIL 2010**<br />
**CHAMADA DE TRABALHOS**<br />
<br />
O OWASP (Open Web Application Security Project) solicita propostas de apresentações para a conferência AppSec Brasil 2010,<br />
que ocorrerá na Fundação CPqD em Campinas, SP, de 16 a 19 de novembro de 2010. Haverá mini-cursos nos dias 16 e 17, seguidos<br />
de sessões plenárias detrilha única nos dias 18 e 19 de novembro de 2010.<br />
<br />
Buscamos pessoas e organizações que queiram ministrar palestras sobre segurança de aplicações. Em particular destacamos os seguintes<br />
tópicos de interesse:<br />
- Modelagem de ameaças em aplicações<br />
- Riscos de Negócio em Segurança de aplicações<br />
- Aplicações de Revisões de Código<br />
- Métricas Aplicadas a Segurança de Aplicações<br />
- Ferramentas e Projetos do OWASP<br />
- Tópicos de Privacidade em Aplicações e Armazenamento de Dados<br />
- Práticas de Programação Segura<br />
- Programas de Segurança para todo o Ciclo de Vida de aplicações<br />
- Tópicos de Segurança para tecnologias específicas (AJAX, XML, Flash, etc)<br />
- Controles de Segurança para aplicações Web<br />
- Testes de Segurança de aplicações Web<br />
- Segurança de Web Services ou XML<br />
<br />
A lista de tópicos não é exaustiva; outros tópicos podem ser abordados, desde que em consonância com o tema central do evento.<br />
<br />
Para submeter uma proposta, preencha o formulário disponível em http://www.owasp.org/images/6/68/OWASP_AppSec_Brasil_2010_CFP%28pt-br%29.rtf.zip,<br />
que deve ser enviado através da página da conferência no site Easychair: http://www.easychair.org/conferences/?conf=appsecbr2010<br />
<br />
Cada apresentação terá 45 minutos de duração, seguidos de 10 minutos para perguntas da platéia. Todas as apresentações deverão estar<br />
em conformidade com as regras definidas pelo OWASP em seu "Speaker Agreement".<br />
<br />
**Datas importantes:**<br />
A data limite para apresentação de propostas é 23 de agosto de 2010 às 23:59, horário de Brasília.<br />
A notificação de aceitação ocorrerá até o dia 8 de setembro de 2010.<br />
A versão final das apresentações deverá ser enviada até o dia 30 de setembro de 2010.<br />
<br />
A comissão organizadora da conferência pode ser contatada pelo e-mail: organizacao2010@appsecbrasil.org<br />
<br />
Para mais informações, favor consultar as seguintes páginas:<br />
Página da conferência:<br />
http://www.owasp.org/index.php/AppSec_Brasil_2010_(pt-br)<br />
<br />
OWASP Speaker Agreement (em inglês):<br />
http://www.owasp.org/index.php/Speaker_Agreement<br />
<br />
Página do OWASP:<br />
http://www.owasp.org<br />
<br />
Página da conferência no Easychair:<br />
http://www.easychair.org/conferences/?conf=appsecbr2010<br />
<br />
Formulário para apresentação de propostas:<br />
<br />
http://www.owasp.org/images/6/68/OWASP_AppSec_Brasil_2010_CFP%28pt-br%29.rtf.zip<br />
<br />
********* ATENÇÃO: Não serão aceitas propostas sem TODAS as informações solicitadas no formulário *********<br />
<br />
Favor divulgar a todos os possíveis interessados.<br />
</pre> <br />
== Chamada de mini-cursos ==<br />
<pre>**APPSEC BRASIL 2010**<br />
**CHAMADA DE MINI-CURSOS**<br />
<br />
O OWASP (Open Web Application Security Project) solicita propostas de apresentações para a conferência AppSec Brasil 2010, <br />
que ocorrerá na Fundação CPqD em Campinas, SP, de 16 a 19 de novembro de 2010. Haverá mini-cursos nos dias 16 e 17, <br />
seguidos de sessões plenárias de trilha única nos dias 18 e 19 de novembro de 2010.<br />
<br />
Buscamos pessoas e organizações que queiram ministrar mini-cursos sobre segurança de aplicações. <br />
Destacamos os seguintes tópicos de interesse:<br />
- Modelagem de ameaças em aplicações (Application Threat Modeling)<br />
- Riscos de Negócio em Segurança de aplicações (Business Risks with Application Security)<br />
- Aplicações de Revisões de Código (Hands-on Source Code Review)<br />
- Métricas Aplicadas a Segurança de Aplicações (Metrics for Application Security)<br />
- Ferramentas e Projetos do OWASP (OWASP Tools and Projects)<br />
- Tópicos de Privacidade em Aplicações e Armazenamento de Dados (Privacy Concerns with <br />
Applications and Data Storage)<br />
- Práticas de Programação Segura (Secure Coding Practices)<br />
- Programas de Segurança para todo o Ciclo de Vida de aplicações (Secure Development Lifecycle Programs)<br />
- Tópicos de Segurança para tecnologias específicas (AJAX, XML, Flash, etc) (Technology specific presentations on <br />
security such as AJAX, XML, etc)<br />
- Controles de Segurança para aplicações Web (Web Application Security countermeasures)<br />
- Testes de Segurança de aplicações Web (Web Application Security Testing)<br />
- Segurança de Web Services ou XML (Web Services, XML and Application Security)<br />
<br />
A lista de tópicos não é exaustiva; outros tópicos podem ser abordados, desde que em consonância com o tema central do evento.<br />
<br />
Para submeter uma proposta, preencha o formulário disponível em <br />
http://www.owasp.org/images/4/43/OWASP_AppSec_Brasil_2010_CFT%28pt-br%29.rtf.zip, que deve ser enviado por email <br />
para organizacao2010@appsecbrasil.org.<br />
<br />
Cada mini-curso poderá ter 1 ou 2 dias (8 horas por dia) de duração e deverão estar em conformidade com as regras definidas <br />
pelo OWASP em seu "Speaker Agreement". A conferência pagará aos instrutores pelo menos 30% do fatuamente de seus mini-cursos. <br />
Cursos que consigam atrair mais que o número mínimo de alunos poderão receber percentagens maiores (mais detalhes abaixo). <br />
Não haverá qualquer outro tipo de remuneração (passagens, hospedagem, etc) para os apresentadores ou autores dos mini-cursos. <br />
Caso seja necessário um arranjo diferente, favor entrar em contacto com o comitê organizador pelo email abaixo.<br />
<br />
**Remuneração**<br />
Os instrutores e autores dos cursos serão remunerados conforme a quantidade de alunos. Se o curso atrair apenas o número <br />
mínimo de alunos, a remuneração será 30% do faturamento. Para cada 10 alunos a mais, a remuneração será acrescida de 5% do <br />
faturamento, até um máximo de 45% do faturamento do curso. Por exemplo, para um curso de 1 dia para uma turma de 10 a <br />
19 alunos, os instrutores e autores receberão 30% do faturamento do curso. Para turmas entre 20 e 29 alunos, a remuneração <br />
sobe para 35% do faturamento e assim sucessivamente.<br />
<br />
Em casos excepcionais, poderá ser acordado um esquema diferente para remuneração dos instrutores. Possíveis interessados <br />
devem entrar em contato com a comissão organizadora pelo email organizacao2010@appsecbrasil.org<br />
<br />
**Valores das inscrições**<br />
Cursos de 1 dia: R$ 450 por aluno<br />
Cursos de 2 días: R$ 900 por aluno <br />
<br />
**Mínimo de alunos**<br />
10 alunos para cursos de 1 dia<br />
20 alunos para cursos de 2 dias<br />
<br />
**Datas importantes:**<br />
A data limite para apresentação de propostas é 26 de julho de 2010 às 23:59, horário de Brasília.<br />
A notificação de aceitação ocorrerá até o dia 16 de agosto de 2010.<br />
A versão final do material dos mini-cursos deverá ser enviada até o dia 15 de setembro de 2010.<br />
<br />
A comissão organizadora da conferência pode ser contactada pelo e-mail: organizacao2010@appsecbrasil.org<br />
<br />
Para mais informações, favor consultar as seguintes páginas:<br />
Página da conferência: http://www.owasp.org/index.php/AppSec_Brasil_2010_(pt-br)<br />
OWASP Speaker Agreement (em inglês): http://www.owasp.org/index.php/Speaker_Agreement<br />
Página do OWASP: http://www.owasp.org<br />
Página da conferência no Easychair: http://www.easychair.org/conferences/?conf=appsecbr2010<br />
Formulário para apresentação de propostas: http://www.owasp.org/images/4/43/OWASP_AppSec_Brasil_2010_CFT%28pt-br%29.rtf.zip<br />
<br />
********* ATENÇÃO: Não serão aceitas propostas sem TODAS as informações solicitadas no formulário *********<br />
<br />
Favor divulgar a todos os possíveis interessados.<br />
</pre> <br />
==== Patrocínio ====<br />
<br />
Estamos atualmente buscado patrocinadores para a edição 2010 da AppSec Brasil. Veja mais detalhes sobre as [[Media:OWASP_AppSec_Brasil_2010-Oportunidade_de_Patroc%C3%ADnio.pdf|oportunidades de patrocínio]]. <br />
<br />
Se estiver interessado em patrocinar o AppSec Brasil 2010, por favor entre em contato com a equipe organizadora da conferência pelo email organizacao2010@appsecbrasil.org. <br />
<br />
== Patrocinadores ==<br />
<br />
== Patrocinadores Platinum ==<br />
<br />
{|<br />
|-<br />
| [[Image:AppSec Brasil 2010 CPQD.jpg|200px|link=http://www.cpqd.com.br]]<br />
|-<br />
| &nbsp;<br />
|}<br />
<br />
== Patrocinadores Gold ==<br />
<br />
{|<br />
|-<br />
| [[Image:LeadComm Logo Screen.jpg|150px|link=http://www.leadcomm.com.br]]<br />
| width="50" | <br><br />
| [[Image:Logo PagSeguro-Uma empresa-UOL.jpg|150px|link=http://www.pagseguro.uol.com.br]]<br />
|-<br />
| &nbsp;<br />
|}<br />
<br />
== Patrocinadores Silver ==<br />
<br />
<br> <br />
<br />
=== Patrocinadores do kit da conferência ===<br />
{|<br />
| [[Image:Logotipo_Conviso_2009_Cor.png|150px]]<br />
| width="50" | <br><br />
| [[Image:lgClavis.png|100px|link=http://www.clavis.com.br]]<br />
|-<br />
| &nbsp;<br />
|-<br />
|}<br />
<br><br />
<br />
== Promoção ==<br />
<center><br />
[[Image:Appsec Brasil 2010 InstitutoTuring.png]] <br />
</center> <br />
==== Keynotes ====<br />
<br />
==Robert 'Rsnake' Hansen ==<br />
<br />
[http://www.sectheory.com/ SecTheory]<br />
<br />
''Title:'' '''TBD.'''<br />
<br />
''Bio:'' Robert Hansen, também conhecido como RSnake, é o fundador e CEO da empresa SecTheory. Trabalhou para empresas como Digital Island, Exodus Communications e Cable & Wireless ocupando diversos cargos desde Arquiteto de Segurança Sênior e eventualmente como gerente de produtos de diversos serviços da linha de serviços gerenciados de segurança. Também trabalhou no eBay como Gerente Global Sênior para Confiança e Segurança, focando em anti-phishing, anti-malware de DHTML e estratégias de anti-vírus. Posteriormente ele trabalhou como Diretor de Gerenciamento de Produtos para o site Realtor.com. Robert é membro do conselho consultivo para o Grupo Intrepidus, e anteriormente era membro do conselho consultivo técnico da ClickForensics e atualmente contribui para a estratégia de segurança de diversas companhias ''startup''.<br />
<br />
O Sr. Hansen escreveu o livro ''Detecting Malice'', publica conteúdo para a O'Reilly e é co-autor do livro ''XSS Exploits'' da editora Syngress. Ele é membro do grupo do NIST.gov para Métricas de Garantia de Software e Avaliação de Ferramentas com foco em ''scanners'' de segurança de aplicações e membro do grupo de Critérios de Avaliação de ''Scanners'' para Segurança de Aplicações (WASC-WASSEC). Passou instruções ao Departamento de Defesa no Pentágono e é palestrante em conferências como SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, conferências mundias da OWASP/WASC, SANS, Microsoft Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop e foi um ''keynote speaker'' na Conferência de ''Cyber''Segurança de Nova York, NITES e OWASP AppSec Asia. O Sr. Hansens é um membro da Ingragard, West Austin Rotary, WASC, IACSP, APWG, contribui para o guia OWASP 2.0 e está no Comitê de Conexões da OWASP.<br />
<br />
Robert também mantém o site http://ha.ckers.org onde discute sobre segurança de aplicações web e provê muitas informações úteis que podem ser usadas contra ataques de aplicações web.<br />
<br />
== Jeremiah Grossman ==<br />
<br />
[http://www.whitehatsec.com/ WhiteHat Security] <br />
<br />
''Título:'' '''A definir.''' <br />
<br />
''Bio:'' Jeremiah Grossman, fundador e CTO da WhiteHat Security, é um especialista em segurança web. É co-fundador do Web Application Security Consortium (WASC), foi escolhido pela InfoWorld um dos Top 25 CTOs em 2007 e é frequentemente citado em publicações técnicas ou de negócios. Publicou dezenas de artigos, foi o descobridor de várias técnicas avançadas de ataque e defesa e é co-autor do livro "XSS Attacks: Cross Site Scripting Exploits and Defense." Grossman é também um blogueiro influente que oferece idéias e encoraja um dálogo franco sobre pesquisas e tedências da segurança na web. Antes da WhiteHat, Grossman foi um "information security officer" no Yahoo! <br />
<br />
<br> <br />
<br />
==== Palestras Convidadas ====<br />
<br />
== Samy Kamkar==<br />
<br />
''Title:'' '''How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend.'''<br />
<br />
''Summary:'' <br />
This includes entertaining and newly discovered attacks including PHP session<br />
prediction and random numbers (accurately guessing PHP session cookies),<br />
browser protocol confusion (turning a browser into an SMTP server), firewall and<br />
NAT penetration via Javascript (turning your router against you), remote iPhone<br />
Google Maps hijacking (iPhone penetration combined with HTTP man-in-themiddle),<br />
extracting extremely accurate geolocation information from a Web browser<br />
(not using IP geolocation), and more.<br />
<br />
''Bio:''<br />
Samy Kamkar is best known for the Samy worm, the first XSS worm,<br />
infecting over one million users on MySpace in less than 24 hours. A cofounder<br />
of Fonality, Inc., an IP PBX company, Samy previously led the<br />
development of all top-level domain name server software and systems for<br />
Global Domains International (.ws).<br />
<br />
In the past 10 years, Samy has focused on evolutionary and genetic<br />
algorithmic software development, Voice over IP software development,<br />
automated security and vulnerability research in network security, reverse<br />
engineering, and network gaming. When not strapped behind the Matrix,<br />
Samy can be found stunt driving and getting involved in local community<br />
service projects.<br />
<br />
== Mano Paul ==<br />
<br />
''Title:'' '''TBD.''' <br />
<br />
''Bio:''<br />
Manoranjan (Mano) Paul is the Software Assurance Advisor for (ISC)2. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education. He founded and serves as the CEO & President of Express Certifications. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting. <br />
<br />
<br />
==== Agenda ====<br />
<br />
== Programa da Conferência - Dia 1 - 18 de novembro de 2010 ==<br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| width="14%" height="17" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Recepção'''<br />
|-<br />
| width="14%" height="17" align="right" | 09:00 - 09:20 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Cerimônia de Abertura'''<br />
|-<br />
| width="14%" height="49" align="right" | 09:20 - 10:30 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Dinis Cruz'''<br> Sobre o OWASP<br />
|-<br />
| width="14%" height="17" align="right" | 10:30 - 10:50 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="49" align="right" | 10:50 - 12:20 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Robert 'RSnake' Hansen'''<br> TBD<br />
|-<br />
| width="14%" height="17" align="right" | 12:20 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Almoço'''<br />
|-<br />
| width="14%" height="47" align="right" | 14:00 - 14:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''TBD<br>''' TBD<br />
|-<br />
| width="14%" height="32" align="right" | 14:50 - 15:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''TBD<br>''' TBD<br />
|-<br />
| width="14%" height="17" align="right" | 15:40 - 16:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="47" align="right" | 16:00 - 16:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''TBD<br>''' TBD<br />
|-<br />
| width="14%" height="32" align="right" | 16:50 - 17:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''TBD<br>''' TBD<br />
|-<br />
| width="14%" height="47" align="right" | 17:40 - 18:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Convidado'''<br> TBD<br />
|-<br />
| width="14%" height="17" align="right" | 18:30 - 18:35 <br />
| bgcolor="#cccccc" align="CENTER" | '''Encerramento do primeiro dia'''<br />
|}<br />
</center> <br />
<br><br />
<br />
== Programa da Conferência - Dia 2 - 19 de novembro de 2010 ==<br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| width="14%" height="17" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Recepção'''<br />
|-<br />
| width="14%" height="32" align="right" | 09:00 - 10:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Jeremiah Grossman'''<br> TBD<br />
|-<br />
| width="14%" height="17" align="right" | 10:30 - 10:50 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="47" align="right" | 10:30 - 11:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''TBD'''<br> TBD<br />
|-<br />
| width="14%" height="32" align="right" | 11:40 - 12:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD<br />
|-<br />
| width="14%" height="17" align="right" | 12:30 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Almoço'''<br />
|-<br />
| width="14%" height="32" align="right" | 14:00 - 14:50 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Convidado'''<br> TBD<br />
|-<br />
| width="14%" height="32" align="right" | 14:50 - 15:40 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD<br />
|-<br />
| width="14%" height="32" align="right" | 15:40 - 16:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Cel. Monclaro'''<br> Apresentação da RENASIC<br />
|-<br />
| width="14%" height="17" align="right" | 16:10 - 16:30 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="32" align="right" | 16:30 - 17:20 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD<br />
|-<br />
| width="14%" height="32" align="right" | 15:40 - 16:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''TBD'''<br> TBD<br />
|-<br />
| width="14%" height="17" align="right" | 18:10 - 18:30 <br />
| bgcolor="#cccccc" align="CENTER" | '''Encerramento'''<br />
|}<br />
</center> <br />
<br> <br />
<br />
==== Treinamentos ====<br />
<br />
[[Image:Aspect logo.png]]<br />
<br />
== '''Codificação Segura em Aplicações J2EE''' ==<br />
<br />
[[Image:Jasonli appsecBR2010.jpg|frame]] <br />
<br />
'''<span style="color: rgb(255, 0, 0);"> Atenção: Este treinamento será ministrado em inglês SEM tradução simultânea. </span>''' <br />
<br />
'''Data e horário: 16 e 17 de Novembro (9 às 18 horas)'''<br> '''Instrutor: Jason Li'''<br> <br />
<br />
'''Resumo'''<br> A capacitação de desenvolvedores nas práticas de programação segura oferece o mais alto retorno de investimento em meio a todo o orçamento de segurança, através da eliminação de vulnerabilidades diretamente no código. O curso Aspectos de Programação Segura JAVA EE faz crescer a noção de questões relativas segurança de aplicações em meio aos desenvolvedores e fornece exemplos de “o que fazer” e “o que não fazer”. O curso é ministrado por um desenvolvedor experiente e apresentado de maneira bastante interativa. Este curso inclui exercícios “mão-na-massa” onde os alunos são chamados a executar análises e testes de segurança em uma aplicação Web Java EE real. Este ambiente especialmente planejado inclui falhas intencionais as quais os alunos deverão encontrar, diagnosticar e corrigir. O curso também faz uso de exercícios de programação Java EE, de forma a fornecer aos alunos uma experiência realista e “mão-na-massa” de desenvolvimento seguro. Os alunos obtêm essa experiência “mão-na-massa” usando ferramentas de teste de segurança de aplicações Web, disponíveis gratuitamente, de forma a buscar e diagnosticar falhas e aprender a evitá-las em seu próprio código.<br> <br />
<br />
'''Público Alvo'''<br> O publico esperado para este curso é composto por desenvolvedores de aplicações JAVA EE e por testadores que possuam conhecimentos de programação. <br />
<br />
'''Objetivos de Aprendizado'''<br> <br />
<br />
O objetivo maior do curso é assegurar que os desenvolvedores são capazes de projetar, construir e testar aplicações seguras Java EE e compreender a importância da segurança no processo.<br> <br />
<br />
'''Tópicos'''<br> <br />
<br />
*'''Aprendendo os Fundamentos Objetivos do HTTP'''<br> <br />
**Compreender e ser capaz de empregar as características de segurança<br />
<br />
envolvidas no uso do HTTP (e.g., cabeçalhos, cookies, SSL).<br> <br />
<br />
*'''Princípios e Padrões de Projeto'''<br> <br />
**Compreender e ser capaz de aplicar os princípios de projeto de<br />
<br />
segurança de aplicação.<br> <br />
<br />
*'''Ameaças'''<br> <br />
**Ser capaz de identificar e explicar as ameaças comuns à segurança de<br />
<br />
aplicações Web (cross-site scripting, SQL injection, ataques de “denial of service”, ataques de "Man-in-the-middle", etc.) e implementar técnicas para mitigar o risco.<br> <br />
<br />
*'''Autenticação e Gerência de Sessão'''<br> <br />
**Ser capaz de tratar credenciais de forma segura, ao fornecer um leque<br />
<br />
completo de suporte a funções de autenticação, incluindo login, troca, esquecimento e recuperação de senha, logout, re-autenticação e expiração de sessão.<br> <br />
<br />
*'''Controle de Acesso'''<br> <br />
**Ser capaz de implementar regras de controle de acesso à interface de<br />
<br />
usuário, lógica de negócio e camada de dados.<br> <br />
<br />
*'''Validação de Campos'''<br> <br />
**Ser capaz de reconhecer problemas potenciais na validação de campos,<br />
<br />
particularmente problemas de injection e Cross-site Scripting (XSS), e implementar os mecanismos apropriados de validação de campos informados pelo usuário ou obtidos a partir de outras fontes de entrada.<br> <br />
<br />
*'''Injeção de Comandos'''<br> <br />
**Compreender os perigos da injeção de comandos e as técnicas para<br />
<br />
evitar a introdução deste tipo de vulnerabilidade.<br> <br />
<br />
*'''Tratamento de Erros'''<br> <br />
**Ser capaz de implementar um tratamento consistente de erros (exceções)<br />
<br />
e um esquema de log para a aplicação Web como um todo.<br> <br />
<br />
*'''Criptografia'''<br> <br />
**Aprender em quais situações de deve aplicar técnicas de criptografia e<br />
<br />
ser capaz de escolher algoritmos, usar criptografia/decriptografia e funções de hash de forma segura.<br> <br />
<br />
'''O Instrutor'''<br> Jason é um instrutor notável, tendo comandado cinco diferentes cursos no período de um ano para nossos principais e diversos clientes de longa data. A base de clientes inclui uma grande instituição financeira, diversas empresas líderes do ramo de encomendas e logística e um líder na integração de sistemas governamentais.<br> <br />
<br />
Jason também já ministrou os cursos Testando a Segurança de Aplicações Web Anvançado e Construindo Aplicações Web Seguras na conferência OWASP 2008, na Bélgica e Índia.<br> <br />
<br />
Elogios comuns encontrados nas avaliações dos cursos de Jason incluem '''“Este é provavelmente um dos''' cursos mais importantes aos quais já fui exposto aqui”'''e '''“Um dos melhores instrutores que já tive. Um conhecimento efetivo do assunto. Manteve a turma interessada através do compartilhamento de exemplos pessoais reais os quais descreveram bons cenários”'''.<br>''' <br />
<br />
<br />
== Utilizando a API de segurança OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web ==<br />
<br />
'''<span style="color: rgb(255, 0, 0);"> Treinamento em português. </span>'''<br />
<br />
'''Data e horário: 16 de Novembro (9 às 18 horas)'''<br> '''Instrutor: Tarcizio Vieira Neto'''<br> <br />
<br />
'''Resumo'''<br />
<br />
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação. A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso abordada as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios <br />
gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.<br />
<br />
<br />
'''Público Alvo'''<br />
<br />
O perfil desejado de audiência são pessoas ligadas à área de desenvolvimento e segurança de <br />
aplicações Web, tendo como pré-requisito conhecimentos básicos em tecnologias Web, <br />
protocolos de comunicação HTTP e HTTPs, princípios básicos de segurança: criptografia, hash e assinatura digital, <br />
programação Java para sistemas Web.<br />
<br />
<br />
'''Objetivos de Aprendizado'''<br />
<br />
* Conhecer as principais vulnerabilidades de segurança comumente encontradas em aplicações Web.<br />
* Apresentar a arquitetura da biblioteca ESAPI e o funcionamento de seus módulos com exemplos em código Java associados.<br />
* Apresentar o componente Web Application Firewall da ESAPI.<br />
<br />
<br />
'''Tópicos'''<br />
<br />
# Introdução<br />
## Mitos relacionados à segurança em Aplicações Web<br />
## Projeto OWASP<br />
# OWASP Top 10<br />
# Biblioteca OWASP ESAPI<br />
## Módulo de Validação e Codificação<br />
## Módulo de Autenticação<br />
## Módulo de Controle de Acesso<br />
## Módulo de utilitários HTTP<br />
## Módulo de tratamento de referência de acesso<br />
## Módulo de Criptografia<br />
## Módulo de Log<br />
## Módulo de Detecção de Intrusão<br />
## Integrando o módulo AppSensor com a ESAPI<br />
## Utilizando Filtros<br />
## Configurando a ESAPI<br />
## Módulo Web Application Firewall da ESAPI<br />
# Vantagens do Uso da Biblioteca ESAPI<br />
# Conclusões<br />
<br />
<br />
'''O Instrutor'''<br />
<br />
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de <br />
Goiás (UFG), em Goiânia. Começou a carreira de desenvolvedor como estagiário em um projeto de iniciação tecnológica financiado pelo CNPq na empresa Estratégia, em Goiânia. Após concluir a graduação trabalhou por seis meses na empresa Fibonacci Soluções Ageis, na mesma cidade, no cargo de analista de desenvolvimento. Em seguida trabalhou por dois anos e oito meses na Força Aérea Brasileira como oficial <br />
analista de sistemas do quadro complementar no Centro de Computação da Aeronáutica <br />
de Brasília, onde adquiriu experiência com a tecnologias de certificação digital e colaborou no <br />
desenvolvimento de um sistema corporativo de gestão eletrônica de documentos. <br />
<br />
Atualmente trabalha no SERPRO desde novembro de 2009 como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia – CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de software, desde novembro de 2009, onde dedica-se prioritariamente na elaboração de guias que padronizam técnicas e ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web. <br />
Está cursando o curso de especialização em segurança da informação pela Universidade <br />
de Brasília (UnB) e possui ao todo <br />
mais de 5 anos de experiência com programação em Java.<br />
<br />
<br />
==The Art and Science of Threat Modeling Web Applications==<br />
<br />
'''<span style="color: rgb(255, 0, 0);"> Atenção: Este treinamento será ministrado em inglês SEM tradução simultânea. </span>''' <br />
<br />
'''Data e horário: 17 de Novembro (9 às 18 horas)'''<br> '''Instrutor: Mano Paul'''<br><br />
<br />
'''Resumo'''<br />
<br />
To secure your home, you will first need to know how the thief could possibly enter and exit and where you should store your valuables. The same is true of your web applications. Unless you know what the vulnerabilities and threats of your web applications are, and what security measures you should take to protect them, ev1L h@x0rS or the enemy within (insider) could take advantage of the vulnerabilities. <br />
Threat Modeling is a technique that you can use to identify ATVS (attacks, threats, vulnerabilities and safeguards) that could affect your web applications. Threat Modeling helps in designing your application securely from a confidentiality, integrity, availability, authentication, authorization and auditing perspective. It is an essential activity to be undertaken during the design stage of your SDLC and helps mitigate and minimize overall risk. <br />
<br />
<br />
'''Público Alvo'''<br />
<br />
O público alvo é composto por pessoal técnico e gerencial de organizações de desenvolvimento de sistemas, sem requisitos de conhecimento de linguagens ou metodologias de propogamação especificos.<br />
<br />
'''Objetivos de Aprendizado'''<br />
<br />
# Understand Threat Modeling; when to threat model and when not too<br />
# Translation of threats to risks for the organization<br />
# Have fun learning complex concepts with exercises and interactive games<br />
<br />
<br />
'''Tópicos'''<br />
<br />
Introduction <br />
# Why Threat Model? <br />
# Is Threat Modeling Right for You? <br />
# Challenges <br />
# Precursors <br />
# Data Classification and Threat Modeling <br />
# Web Application Security Mechanisms <br />
# Benefits of Threat Modeling <br />
# Common Glossary of Terms <br />
# Threat Agents <br />
# OWASP Top 10 and common application attacks<br />
# Threat Modeling Process <br />
# Attack Trees <br />
# Threat and Risk Frameworks e.g., STRIDE and DREAD <br />
# Threat to Risk translation<br />
# Threat Modeling (Hands-On Exercise)<br />
<br />
<br />
'''O Instrutor'''<br />
<br />
Manoranjan (Mano) Paul is the Software Assurance Advisor for (ISC)2. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education. He founded and serves as the CEO & President of Express Certifications. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting.<br />
<br />
<br />
==Segurança em Arquitetura Orientada a Serviço==<br />
<br />
'''<span style="color: rgb(255, 0, 0);"> Treinamento em português. </span>'''<br />
<br />
'''Data e horário: 17 de Novembro (9 às 18 horas)'''<br> '''Instrutores: Douglas Rodrigues, Julio Cesar Estrella e Nuno Manuel dos Santos Antunes'''<br> <br />
<br />
'''Resumo'''<br />
<br />
Web services são a pedra angular de Arquiteturas Orientadas a Serviços (SOA). Como<br />
componentes críticos de negócios, Web Services devem apresentar alta segurança. No<br />
entanto, a implantação de Web Services seguros é uma tarefa complexa. De fato, diversos<br />
estudos mostram que um grande número de Web Services são implantados com falhas de<br />
segurança que vão desde vulnerabilidades de código (por exemplo, vulnerabilidades que<br />
permitem a injeção de código, incluindo SQL Injection e XPath Injection) até a utilização<br />
incorreta das normas e protocolos de segurança. O objetivo desse minicurso é o de apresentar<br />
de forma teórica e prática ferramentas que permitem a detecção de vulnerabilidades e<br />
mecanismos e protocolos de segurança contra ataques.<br />
<br />
<br />
'''Público Alvo'''<br />
<br />
O público alvo é composto por pessoal técnico e operacional de organizações de desenvolvimento de sistemas, com requisitos de conhecimento de linguagens ou metodologias de propogamação especificos em nível intermediário.<br />
<br />
'''Objetivos de Aprendizado'''<br />
<br />
O minicurso proposto contribui para agregar novas tendências tecnológicas. O tema é bastante<br />
interessante no tocante aos grandes desafios da pesquisa em computação, uma vez que se<br />
insere de forma natural dentro do desenvolvimento tecnológico de qualidade, englobando por<br />
sua vez, sistemas disponíveis, corretos, seguros, escaláveis, persistentes e ubíquos, além de<br />
notoriamente, observando-se as conferências da área, que SOA, Web Services e segurança<br />
constituem tema de crescente investigação na área de computação, pois é atual e de interesse<br />
da comunidade acadêmica, bem como de profissionais que atuam amplamente no mercado de<br />
trabalho. O interesse por SOA tem crescido nos últimos anos por se tratar de uma abordagem<br />
que ajuda os sistemas a permanecerem escaláveis e flexíveis enquanto crescem, e que<br />
também pode auxiliar a resolver a lacuna negócio/TI. Os estudantes e profissionais da área<br />
terão a oportunidade de compreender os princípios básicos de detecção de vulnerabilidade em<br />
nível de código e também a detecção de ataques por meio de protocolos e mecanismos. A<br />
idéia é que os participantes possam utilizar o breve conhecimento adquirido neste minicurso<br />
para o desenvolvimento de aplicações distribuídas usando Web Services seguros e obterem<br />
conhecimento necessário para diagnosticar e prevenir ataques a esse tipo de aplicação.<br />
<br />
'''Tópicos'''<br />
<br />
# PADRÕES E PROTOCOLOS DE SEGURANÇA PAR WEB SERVICES<br />
# ATAQUES EM WEB SERVICES<br />
## Ataques de Negação de Serviço (Denial of Service)<br />
## Ataques de Força Bruta (Brute force)<br />
## Ataques Spoofing<br />
## Ataques de Inundação (Flooding)<br />
## Ataques por Injeção<br />
# AVALIANDO SEGURANÇA EM WEB SERVICES<br />
## Estudo de campo sobre segurança em Web Services<br />
## Análise “White-box”<br />
## Teste “Black-box”<br />
## Teste “Gray-box”<br />
## Estudo de campo sobre a eficácia de ferramentas de avaliação de segurança<br />
<br />
'''O Instrutor'''<br />
<br />
Júlio Cesar Estrella - Cursou Mestrado em Ciência da Computação e Matemática<br />
Computacional, na área de Sistemas Distribuídos (Instituto de Ciências Matemáticas e<br />
de Computação ICMC / Universidade de São Paulo – USP). Durante o Mestrado,<br />
trabalho com simulação de redes de filas em um projeto relacionado ao<br />
desenvolvimento de técnicas de negociação em modelos de servidores web com<br />
diferenciação de serviços. Doutor em Ciência da Computação e Matemática<br />
Computacional (Instituto de Ciências Matemáticas e de Computação ICMC /<br />
Universidade de São Paulo – USP). O tema do projeto de doutorado versou sobre<br />
arquiteturas orientadas a serviços com suporte à QoS, bem como caracterização de<br />
cargas de trabalho para Web Services e Composição de Serviços também com suporte<br />
à Qualidade de Serviço. Atualmente é professor da Universidade Tecnológica Federal<br />
do Paraná (UTFPR - Campo Mourão)<br />
<br />
Douglas Rodrigues - Mestrando em Ciências de Computação e Matemática<br />
Computacional pelo Instituto de Ciências Matemáticas e de Computação da<br />
Universidade de São Paulo - ICMC-USP/São Carlos. Bacharel em Ciência da<br />
Computação pelo Centro Universitário Eurípides de Marília - UNIVEM - Marília/SP. Atua<br />
principalmente nos seguintes temas: SOA, Web Services, avaliação de desempenho,<br />
criptografia e segurança.<br />
<br />
Nuno Manuel dos Santos Antunes - frequentou, entre 2003 e 2007, a Licenciatura em<br />
Engenharia Informática no Departamento de Engenharia Informática da Universidade de<br />
Coimbra. Desde 2008 que exerce investigação científica no grupo de Software and<br />
Systems Engineering (SSE) do Centro de Informática e Sistemas da Universidade de<br />
Coimbra (CISUC), em tópicos relacionados com metodologias e ferramentas para o<br />
desenvolvimento de Web Services sem vulnerabilidades. Concluiu em 2009 o Mestrado<br />
em Engenharia Informática no Departamento de Engenharia Informática da<br />
Universidade de Coimbra, com a classificação final de Muito Bom. Em 2009 iniciou o<br />
seu Doutoramento em Ciências e Tecnologias da Informação. Publicou 5 artigos<br />
científicos em conferências com processo de revisão pelos pares rigoroso, incluindo<br />
artigos nas conferências mais prestigiadas das áreas de confiabilidade e serviços.<br />
<br />
<br />
==Revisões de Segurança de Sistemas ASP.NET nos modos "black box" e "white-box" usando a plataforma OWASP O2==<br />
<br />
'''<span style="color: rgb(255, 0, 0);"> Este treinamento será ministrado em português usando materiais em inglês. </span>'''<br />
<br />
'''Data e horário: 16 de Novembro (9 às 18 horas)'''<br> '''Instrutor: Dinis Cruz'''<br><br />
<br />
'''Resumo'''<br />
<br />
This is a hands-on Training course on how to use the OWASP O2 Platform to perform both Black-Box and White-Box security reviews on ASP.NET Web Applications<br />
<br />
The course is designed for security consultants/developers who are responsible for performing Penetration Tests or Security Code Reviews. The course will show practical examples of how to use the OWASP O2 Platform to find, exploit and document security vulnerabities.<br />
<br />
For the course's labs, a number of test and real-world applications/frameworks will be used. In order to give the students a benign test enviroment which is easy to replicate, the (vulnerable-by-design) HacmeBank ASP.NET banking application will be used throughout the course.<br />
<br />
'''Tópicos'''<br />
<br />
* What is the OWASP O2 Platform and how to use it?<br />
* Using O2's Unit Tests for web exploration and browsing<br />
* Using O2's Unit Tests for web exploitation<br />
* Understanding and using O2's Web Automation Tools to find and exploit vulnerabilities in HacmeBank (Black-Box)<br />
* Understanding and using O2's AST .NET Scanner to find vulnerabilities in HacmeBank (White-Box)<br />
* Connecting the source-code traces with the web exploits to create a unified view of the vulnerabilties<br />
* Create 'Vulnerability-driven Unit Tests' to be delivered to Developers, QA/Testers and Managers<br />
* Customizing and writing new APIs (for new or modified frameworks)<br />
* Using O2 to consume results from open source tools and 3rd party commercial vendors<br />
* Case Study: Microsoft ASP.NET MVC<br />
* Case Study: Microsoft Sharpoint<br />
<br />
<br />
'''O Instrutor'''<br />
<br />
The course is delivered by Dinis Cruz who the lead developer of the OWASP O2 Platform and has created and delivered a number of .NET Security training courses<br />
<br />
== Local dos treinamentos ==<br />
<br />
A conferência será em Campinas, SP, na [http://www.cpqd.com.br Fundação CPQD]. <br />
<br />
Veja a localização usando o [http://maps.google.com.br/maps/ms?source=embed&hl=pt-BR&geocode=&ie=UTF8&update=1&t=h&msa=0&msid=104978801628275418750.000462bf2d1a49a7571af&ll=-22.83125,-47.044315&spn=0.03718,0.04034&z=14 Google Maps]<br />
<br />
== Como chegar ==<br />
<br />
TBD <br />
<br />
==== Inscrições ====<br />
<br />
== Inscrições online ==<br />
<br />
O formulário de inscrição está disponível em https://creator.zoho.com/lucas.ferreira/appsec/.<br />
<br />
== Valores ==<br />
<br />
'''Apenas a conferência (dias 18 e 19/11):'''<br />
<br />
* Antes de 16 de setembro: R$ 400,00<br />
* Antes de 16 de outubro: R$ 500,00<br />
* Antes de 12 de novembro: R$ 550,00<br />
* No local: R$ 600,00<br />
<br />
As inscrições no local estarão sujeitas à disponibilidade de lugares.<br />
<br />
'''Treinamentos'''<br />
<br />
* Um dia: R$ 450,00<br />
* Dois dias: R$ 900,00<br />
<br />
'''Descontos'''<br />
<br />
* Membro do OWASP: R$ 100,00 (Nota: Este desconto é maior do que a taxa anual de USD 50.00. Confira [http://www.google.com.br/#q=50+usd+in+brl&fp=1 aqui]<br />
* Estudantes: R$ 100.00 (Nota: Será necessário apresentar comprovante de matrícula).<br />
<br />
<br />
==== Organização ====<br />
<br />
== Comitês ==<br />
<br />
OWASP Global Conferences Committee Chair: Mark Bristow <br />
<br />
Líder do [[Brazilian|Capítulo Brasileiro]]: Wagner Elias <br />
<br />
Comissão organizadora do AppSec Brasil 2010 (organizacao2010 at appsecbrasil.org): <br />
<br />
*Conference General Chair: Lucas C. Ferreira <br />
*Tutorials Chair: Eduardo Camargo Neves <br />
*Tracks Chair: Luiz Otávio Duarte <br />
*Local Chair: Alexandre Melo Braga<br />
<br />
=== Equipe ===<br />
<br />
*Alexandre Melo Braga <br />
*Eduardo Camargo Neves <br />
*Lucas C. Ferreira <br />
*Luiz Otávio Duarte <br />
*Wagner Elias <br />
*Eduardo Alves Nonato da Silva <br />
*Leonardo Buonsanti <br />
*Dinis Cruz <br />
*Paulo Coimbra<br />
<br />
== Comitê de Programa ==<br />
* Alexandre Braga<br />
* Carlos Serrao<br />
* Eduardo alves<br />
* Fernando Cima<br />
* Leonardo Buonsanti<br />
* Lucas Ferreira<br />
* Luiz Duarte<br />
* Nelson Uto<br />
* Rodrigo Rubira<br />
* Wagner Elias<br />
<br />
<br> <br> <br />
<br />
==== Hospedagem ====<br />
<br />
TBD <br />
<br />
==== Links ====<br />
<br />
Blog: http://blog.appsecbrasil.org <br />
<br />
Twitter: http://twitter.com/owaspappsecbr<br />
<br />
== Notícias ==<br />
<br />
[http://g1.globo.com/Noticias/Tecnologia/0,,MUL1545935-6174,00-EM+COMPETICAO+DE+SEGURANCA+SAFARI+IE+E+FIREFOX+SAO+HACKEADOS.html Portal G1] <br />
<br />
<br> <headertabs /> <br />
<br />
[[Category:OWASP_AppSec_Conference]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_ModSecurity_2.0.6_-_Assessment&diff=86148Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.6 - Assessment2010-07-10T23:29:17Z<p>Leocavallari: </p>
<hr />
<div><small>[[:Category:OWASP ModSecurity Core Rule Set Project|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP ModSecurity Core Rule Set Project - Release ModSecurity 2.0.6 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[[User:Rcbarnett|Ryan Barnett]]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= (answer #1) <br />
1. have an up to date project template with current project information? - YES<br />
2. have a conference style presentation that describes the tool/document in at least 3 slides? - YES<br />
3. have a one sheet overview document about the project? - NO<br />
4. have a link to a working mail list? - YES<br />
5. have a statement of the application security issue the project addresses? - YES<br />
6. have a project roadmap? - YES<br />
7. project leaders and main contributors have a wiki account (with its user page containing contact details about the user and if possible his CV) - YES<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= (answer #2) <br />
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= (answer #3)<br />
http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/<br />
<br />
| 4. Is there working code? <br />
= (answer #4)<br />
http://sourceforge.net/projects/mod-security/files/modsecurity-crs/<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= (answer #5)<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_Roadmap<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= (answer #6)<br />
YES<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= (answer #7)<br />
Not applicable. CRS is not a standalone project that can be installed with an installer.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= (answer #8)<br />
YES<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation<br />
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Documentation<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= (answer #9)<br />
YES - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Project_Details<br />
<br />
# Project Name - ModSecurity Core Rule Set (CRS)<br />
# Short Description - The Core Rule Set (CRS) provides critical protections against web attacks. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, <br />
the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, <br />
which are in most cases custom coded. <br />
# Project Release Lead and contact information (e.g. email address) - Ryan Barnett ryan.barnett@breach.com<br />
# Project Release Contributors (if any) - Brian Rectanus<br />
# Project Release License - GNU General Public License - Version 2.0<br />
# Project Release Sponsors (if any) - Breach Security Labs<br />
# Release status and date assessed as Month-Year (e.g. March 2009) - Not Yet Reviewed by OWASP. An important point to consider is that the CRS is not the typical OWASP project. Most projects start out as ideas, then move to documentation<br />
and eventually working code. The CRS is in the opposite position in that Breach Security Labs developed these rules over the past 3-4 years. So, we brought a project with<br />
fully working code that is running on thousands of web servers. The code itself is well tested. What was lacking was documentation which as since been updated.<br />
# Link to OWASP Project Page - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= (answer #10)<br />
Not applicable, as no building is needed.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= (answer #11)<br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= (answer #12)<br />
YES<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= (answer #13) <br />
YES - there is also extensive new documentation/comments inside the files themselves describing the Rule Logic and Reference links.<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= (answer #14)<br />
Not applicable, as no building is needed.<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= (answer #15)<br />
YES - JIRA Ticket System:<br />
https://www.modsecurity.org/tracker/browse/CORERULES <br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= (answer #15)<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Ivanr|Ivan Ristic]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Not applicable. ModSecurity rules cannot be installed with an installer.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Not applicable. The rules do use the SecComponentSignature to identify themselves, which is the closest thing to having an “About box” in these circumstances.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= Not applicable. Building is not necessary as the rules are evaluated at runtime.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes.<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= Not applicable. No building is necessary.<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= The bug tracking system is very much usable. JIRA is pretty much the best tracking system available. It is hosted elsewhere, but that’s a big plus in this case (because the code is hosted at SourceForge, and its tracking systems are all bad.)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes. The Core Rules are a substantial piece of work that provides significant security qualities. Nothing similar is available elsewhere. It’s easily the best rule set there is.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= I don’t believe anything else is required for a stable release. Of course, the rules can be improved, but that’s a matter of new research.<br />
There are two areas in which I would like to see improvement:<br />
• More involvement from the community. For the rules to flourish, there must be a sustained community involvement. Ryan is already very clear about leading the project into this direction (as demonstrated by his messages on the mailing list).<br />
• Transparency. This is always a difficult goal to achieve with WAF rules. I would like to see clear justification of every rule in the set, explanation of the attack it was designed to handle, and explanation of the way in which it works.<br />
In talking to Ryan, it is clear that there already are activities under way to address both of the above points.<br />
<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = There's no need for an installer, just to unpack the package in proper directory. It could have a more detailed explanation about this process on Installation page.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes, except by installation procedure. Although the project is about a rule set that only needs to be unpacked, it's important to have modsecurity installation and basic configuration procedures or, at least, relevant links that point to it, since the project by itself makes no sense without a running ModSecurity installation.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes. Users can find latest improvements into CHANGELOG and README files.<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= There`s no need for this information. <br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= Yes. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=User_talk:Leocavallari&diff=85150User talk:Leocavallari2010-06-21T00:21:10Z<p>Leocavallari: </p>
<hr />
<div>Leonardo Cavallari Militelli is member of OWASP Global Projects Committee and [[ASDR]] Project Leader.<br />
<br />
He holds a Master's Degree from University of São Paulo and SANS GAWN certification.<br />
<br />
He is CEO of [http://www.ibliss.com.br iBLISS Segurança & Inteligência]and can be found at leo<dot>cavallari<@>owasp<dot>org.<br />
<br />
<br />
----------------------------------------------------------------------------------------------------------------<br />
Leonardo Cavallari Militelli é membro do Comitê Global de Projetos da OWASP e Líder do projeto [[ASDR]].<br />
<br />
Ele é Mestre em Engenharia pela Poli-USP e possui certificação SANS GAWN.<br />
<br />
Ele é CEO da [http://www.ibliss.com.br iBLISS Segurança & Inteligência]e pode ser encontrado em leo<dot>cavallari<@>owasp<dot>org.<br />
<br />
=== OWASP Activities ===<br />
<br />
[[:Category:OWASP_ASDR_Project|OWASP ASDR Project Leader]]<br />
<br />
[[OWASP EU Summit 2008|OWASP EU Summit 2008 Organization Committee]]<br />
<br />
[[Brazilian|Project's translation for Brazilian chapter|]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User_talk:Leocavallari&diff=85149User talk:Leocavallari2010-06-21T00:19:51Z<p>Leocavallari: </p>
<hr />
<div>Leonardo Cavallari Militelli is member of OWASP Global Projects Committee and [[ASDR]] Project Leader.<br />
<br />
He holds a Master's Degree from University of São Paulo and SANS GAWN certification.<br />
<br />
He is CEO of [http://www.ibliss.com.br iBLISSSegurança & Inteligência] and can be found at leo<dot>cavallari<@>owasp<dot>org.<br />
<br />
<br />
----------------------------------------------------------------------------------------------------------------<br />
Leonardo Cavallari Militelli é membro do Comitê Global de Projetos da OWASP e Líder do projeto [[ASDR]].<br />
<br />
Ele é Mestre em Engenharia pela Poli-USP e possui certificação SANS GAWN.<br />
<br />
Ele é CEO da [http://www.ibliss.com.br iBLISSSegurança & Inteligência] e pode ser encontrado em leo<dot>cavallari<@>owasp<dot>org.<br />
<br />
=== OWASP Activities ===<br />
<br />
[[:Category:OWASP_ASDR_Project|OWASP ASDR Project Leader]]<br />
[[OWASP EU Summit 2008|OWASP EU Summit 2008 Organization Committee]]<br />
[[Project's translation for local chapter|Brazilian]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User_talk:Leocavallari&diff=85148User talk:Leocavallari2010-06-21T00:17:07Z<p>Leocavallari: </p>
<hr />
<div>Leonardo Cavallari Militelli is member of OWASP Global Projects Committee and [[ASDR]] Project Leader.<br />
<br />
He holds a Master's Degree from University of São Paulo and SANS GAWN certification.<br />
<br />
He is CEO of iBLISS [http://www.ibliss.com.br Segurança & Inteligência] and can be found at leo<dot>cavallari<@>owasp<dot>org<br />
<br />
Leonardo Cavallari Militelli é membro do Comitê Global de Projetos([[GPC]]) da OWASP e Líder do projeto [[ASDR]].<br />
<br />
=== OWASP Activities ===<br />
<br />
[[:Category:OWASP_ASDR_Project|OWASP ASDR Project Leader]]<br />
[[OWASP EU Summit 2008|OWASP EU Summit 2008 Organization Committee]]<br />
[[Project's translation for local chapter|Brazilian]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User_talk:Leocavallari&diff=85147User talk:Leocavallari2010-06-21T00:16:19Z<p>Leocavallari: </p>
<hr />
<div>Leonardo Cavallari Militelli is member of OWASP Global Projects Committee and [[ASDR]] Project Leader.<br />
He holds a Master's Degree from University of São Paulo and SANS GAWN certification.<br />
He is CEO of iBLISS [http://www.ibliss.com.br Segurança & Inteligência] and can be found at leo<dot>cavallari<@>owasp<dot>org<br />
<br />
Leonardo Cavallari Militelli é membro do Comitê Global de Projetos([[GPC]]) da OWASP e Líder do projeto [[ASDR]].<br />
<br />
=== OWASP Activities ===<br />
<br />
[[:Category:OWASP_ASDR_Project|OWASP ASDR Project Leader]]<br />
[[OWASP EU Summit 2008|OWASP EU Summit 2008 Organization Committee]]<br />
[[Brazilian| Project's translation for local chapter]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Principle_template&diff=83283Principle template2010-05-10T17:15:39Z<p>Leocavallari: </p>
<hr />
<div>Every '''[[Principle]]''' should follow this template.<br />
<br />
{{Template:Principle}}<br />
<br />
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''<br />
<br />
<br><br />
[[Category:OWASP ASDR Project]]<br />
__TOC__<br />
<br />
<br />
==Description==<br />
<br />
A principle is a simple rule that helps to guide security decisions in complex situations.<br />
# Start with a one-sentence description of the principle<br />
# Describe the principle and how it should be applied to security decisions<br />
<br />
<br />
==Examples==<br />
<br />
===Short example name===<br />
: A short example description, small picture, or sample code with [http://www.site.com links]<br />
<br />
===Short example name===<br />
: A short example description, small picture, or sample code with [http://www.site.com links]<br />
<br />
<br />
==Related [[Vulnerabilities]]==<br />
<br />
* [[Vulnerability 1]]<br />
* [[Vulnerabiltiy 2]]<br />
<br />
<br />
==Related [[Controls]]==<br />
<br />
* [[Controls 1]]<br />
* [[Controls 2]]<br />
<br />
<br />
==References==<br />
<br />
* http://www.link1.com<br />
* [http://www.link2.com Title for the link2]<br />
<br />
<br />
__NOTOC__</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Template:Attack&diff=83273Template:Attack2010-05-10T17:00:21Z<p>Leocavallari: </p>
<hr />
<div>:''This is an '''[[:Category:Attack|Attack]]'''. To view all attacks, please see the [[:Category:Attack|Attack Category]] page. <br />
<br />
<br />
[[Category:OWASP ASDR Project]]<br />
<br />
__NOTOC__</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Education_Presentation&diff=74975OWASP Education Presentation2009-12-08T19:03:17Z<p>Leocavallari: /* OWASP Education Presentations */</p>
<hr />
<div>This page provide a commented overview of the OWASP presentations available.<br><br />
Please use the last line of the tables as template.<br><br />
Presentions can be tracked through:<br />
* the [http://www.owasp.org/index.php/Category:OWASP_Presentations OWASP Presentations Category]<br />
* [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference Past OWASP Conference agenda's]<br />
* From the chapter pages<br />
Everybody is encouraged to link the presentations and add their findings on this page !<br />
There are currently hundreds of presentations all over the OWASP web site. <br />
If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76.<br />
Feel free to “mine” them and add them to the overview.<br />
<br />
== OWASP Education Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Education Presentations<br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:OWASP Overview Winter 2009v1.pptx|OWASP Overview Winter 2009]]|| Updated overview of OWASP || Novice || 2009-12-08<br />
|-valign="top"<br />
|[[:Image:Programa_de_Educacion_OWASP.ppt|Programa de Educacion OWASP]]|| Una introduccion a OWASP para Universidades y Centros Educativos por Fabio Cerullo|| Novice || 2009-03-20<br />
|-valign="top"<br />
|[[:Image:OWASP_Educational_Programme.ppt|OWASP Educational Programme]]|| An introduction to OWASP for Universities & Educational Institutions by Fabio Cerullo|| Novice || 2009-03-20<br />
|-valign="top"<br />
|[[:Image:OWASP Overview Summer 2009.pptx|OWASP Overview Summer 2009]]|| Recent overview of OWASP by Jeff Williams || Novice || 2009-08-25<br />
|-valign="top"<br />
|[[:Image:Education Module Why WebAppSec Matters.ppt|Why WebAppSec Matters]]|| This module explains why security should be considered when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:OWASP-Intro-2008-portuguese.ppt|OWASP Intro 2008 Portuguese]]|| Este módulo é uma intrudução sobre o projeto OWASP. || Novice || 2008-07-06<br />
|-valign="top"<br />
|[[:Image:Education Module OWASP Top 10 Introduction and Remedies.ppt|OWASP Top 10 Introduction and Remedies]]|| This module explains the OWASP Top 10 web application vulnerabilities as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Embed within SDLC.ppt|Embed within SDLC]]|| This module explains the complete approach of Web Application Security when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Good Secure Development Practices.ppt|Good Secure Development Practices]]|| This module explains some good secure development practices when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Testing for Vulnerabilities.ppt|Testing for Vulnerabilities]]|| This module explains application security testing when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Good WebAppSec Resources.ppt|Good WebAppSec Resources]]|| This module points you to some good web application security resources when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== OWASP Project Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Project Presentations<br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:Germany 2008 Conference OWASP Introduction v1.pptx|OWASP Introduction]] || OWASP Overview presentation covering OWASP, project parade and OWASP near you. Given by Seba during the Germany 2008 Conference || Novice || 2008-11-25<br />
|-valign="top"<br />
|[[:Image:OWASP Foundation The story so far and beyond - Part 1.ppt|India08 Keynote - Part 1]] || OWASP Overview presentation. Part 1 of 2. Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[[:Image:OWASP Foundation The story so far and beyond - Part 2.ppt|India08 Keynote - Part 2]] || OWASP Overview presentation. Part 2 of 2. Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[[:Image:OWASP India - Tour of OWASP projects.ppt|Tour of OWASP’s projects]] || Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[https://www.owasp.org/images/5/59/RISK_2008_OWASP_Introduction_v1.pptx OWASP @ RISK08 (Norway)] || OWASP introduction at Norway RISK2008 conference by Seba || Novice || 2008-04-23<br />
|-valign="top"<br />
|[[:Image:OWASP NY Keynote.ppt|OWASP NY Keynote by Jeff]] also available in [[:Image:20070620-FR-OWASP NY Keynote.ppt|French]]|| OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse || Novice || 2007-06-12<br />
|-valign="top"<br />
|[http://www.owasp.org/images/a/af/OWASP_Testing_Guide_Presentation.zip The OWASP Testing Guide (Jeff Williams)] || Overview of the OWASP Testing Guide || Novice || 2007-01-23<br />
|-valign="top"<br />
|[http://www.owasp.org/images/e/e9/OWASP_Testing_Guide_Presentation_EUSecWest07.zip The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli)] || Presentation at EUSecWest07 || Intermediate || 2007-03-01<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/3c/OWASP_Flyer_Sep06.ppt OWASP Project Overview] || High level overview of projects and how OWASP works || Novice || 2006-09-19 <br />
|-valign="top"<br />
|[http://www.owasp.org/images/4/49/OWASPAppSec2006Seattle_Security_Metrics.ppt The OWASP Application Security Metrics Project (Bob Austin)] || Presentation on the Application Security Metrics project || Novice || 2006-10-17<br />
|-valign="top"<br />
|[http://www.owasp.org/images/5/53/OWASPAppSecEU2006_CLASP_Project.ppt OWASP CLASP Project (Pravir Chandra)] || OWASP CLASP project presentation given at the 2006 European AppSec conference || Novice || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/30/OWASPAppSec2006Seattle_UsingSprajaxToTestAJAXSecurity.ppt Sprajax (Dan Cornell)] || OWASP Sprajax presentation given at the 2006 Seattle AppSec conference || Intermediate || 2006-10-17<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== OWASP Conference Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Conference Presentations <br />
!width="30%" | Title<br />
!width="40%" | Comment<br />
!width="15%" | Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan ModSecurityCoreRuleSet.ppt | Mod Security Core Rule Set (Ofer Shezaf)]] ||Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007.|| Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OWASPTestingGuide2v1.ppt | OWASP Testing Guide v2.1 (Matteo Meucci)]] ||Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan CLASP.ppt | CLASP (Pravir Chandra)]] ||Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan AdvancedWebHacking.ppt | Advanced Web Hacking (PDP)]] ||PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan XMLSecurityGatewayEvalCriteria.ppt | XML Security Gateway Evaluation Criteria (Gunnar Peterson)]] ||Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan TestingFlashApplications.ppt | Testing Flash Applications (Stephano Di Paolo)]] ||Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert|| 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OvertakingGoogleDesktop.ppt | Overtaking Google Desktop (Yair Amit)]] ||Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan MS ACETeamAppSecfromTheCore.ppt | ACE Team Application Security from the Core (Simon Roses Femerling)]] ||Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan Pantera.ppt | Pantera (Simon Roses Femerling)]] ||Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan ProtectingWebAppsfromUniversalPDFXSS.ppt | Protecting Web applications from universal PDF XSS (Ivan Ristic)]] ||Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SoftwareSecurity.ppt | Software Security (Rudolph Araujo)]] ||Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan WebGoatv5.ppt | WebGoat v5 (Dave Wichers)]] ||WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan WebScarabNG.ppt | WebScarab NG (Dave Wichers)]] ||Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007.|| Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SANS SPSA Initiative.ppt | SANS SPSA Initiative (Dave Wichers)]] ||Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007.|| Novice || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OWASPItalyActivities.ppt | OWASP Italy Activities (Raoul Chiesa)]] ||Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country.|| Novice || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SecurityEngineeringInVista.ppt | Security engineering in Vista (Alex Lucas)]] ||Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[http://www.owasp.org/images/5/5f/OWASPAppSec2006Seattle_SecurityEngineeringInVista.ppt How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard)] || Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/34/OWASPAppSecEU2006_Bootstrapping_the_Application_Assurance_Process.ppt Bootstrapping the Application Assurance Process (Sebastien Deleersnyder)] || Presentation given during the European 2006 AppSec conference on the application assurance process || Novice || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/8/8b/OWASPAppSecEU2006_InlineApproachforSecureSOAPRequests.ppt Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France)] || Presentation given at the European 2006 AppSec conference about security and soap message structure issues || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/9/9c/OWASPAppSecEU2006_WAFs_WhenAreTheyUseful.ppt Web Application Firewalls:When Are They Useful? (Ivan Ristic)] || Presentation about Web Application Firewalls || Novice || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt HTTP Message Splitting, Smuggling and Other Animals (Amit Klein)] || A presentation about Message splitting other attacks around the HTTP protocol || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f6/OWASPAppSec2006Seattle_WebAppForensics.ppt Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis)] || Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/d/d2/OWASPAppSecEU2006_CanTestingToolsReallyFindOWASPTop10.ppt Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) ] || A talk about how automated testing tools stack up against the OWASP top 10 || Intermediate || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/2/28/OWASPAppSecEU2006_RequestRodeo.ppt RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter)] || Presentation given about how Sessions can be hi-jacked, etc... || Novice || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/6/62/OWASPAppSecEU2006_SecurityTestingthruAutomatedSWTests.ppt Security Testing through Automated Software Tests (Stephen de Vries)] || Presentation given at the 2006 EuSec conference || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/0/0e/AppSec2005DC-Jeremy_Poteet-In_the_Line_of_Fire.ppt In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet)] || Conference given at the 2005 DC AppSec conference || Novice || 2005-10-1<br />
|-valign="top"<br />
|[http://www.owasp.org/images/9/93/AppSec2005DC-Matt_Fisher-Google_Hacking_and_Worms.ppt Google Hacking and Web Application Worms (Matt Fisher)] || Talk given at the 2005 DC AppSec conference || Novice || 2005-10-01<br />
|-valign="top"<br />
|[http://www.owasp.org/images/0/05/AppSec2005DC-Anthony_Canike-Enterprise_AppSec_Program.ppt Establishing an Enterprise Application Security Program (Tony Canike)] || Talk given at the 2005 DC AppSec Conference || Novice || 2005-10-01<br />
|-valign="top"<br />
|[https://owasp.org/images/0/0d/OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers)] || Dave's talk on AJAX given at the Seattle 2006 AppSec conference || Intermediate || 2006-10-01<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== Web Application Security Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ Web Application Security Presentations <br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:Protecting Web Applications from Universal PDF XSS.ppt| Universal PDF XSS by Ivan Ristic]] || Protecting Web Applications from Universal PDF XSS || Intermediate || 2007-06-28<br />
|-valign="top"<br />
|[[:Image:IdM-OWASP.v.0.2.14.pdf|Identity Management Basics (Derek Brown)]] ||Identity Management Basics|| Novice || 2007-05-09<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt Advanced SQL Injection (Victor Chapela)] || Detailed methodology for analyzing applications for SQL injection vulnerabilities || Expert || 2005-11-04<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/7/7d/Advanced_Topics_on_SQL_Injection_Protection.ppt Advanced Topics on SQL Injection Protection (Sam NG)] || 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. || Intermediate || 2006-02-27<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/d/d1/AppSec2005DC-Alex_Stamos-Attacking_Web_Services.ppt Attacking Web Services (Alex Stamos)] || Web Services Introduction and Attacks || Intermediate || 2005-10-11<br />
|-valign="top"<br />
|[http://www.owasp.org/images/7/72/MMS_Spoofing.ppt MMS Spoofing (Matteo Meucci)] || A Case-study of a vulnerable web application || Intermediate<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f9/OWASPAppSecEU2006_AJAX_Security.ppt Ajax Security (Andrew van der Stock)] || Presentation on Ajax security for OWASP AppSec Europe 2006 || Intermediate || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/3a/OWASPAppSec2006Seattle_Web_Services_Security.ppt Advanced Web Services Security & Hacking (Justin Derry)] || Presentation given on Webservice security at the Seattle 2006 AppSec conference || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f6/Integration_into_the_SDLC.ppt Integration into the SDLC (Eoin Keary)] || A presentation about why and how to integrate the SDLC. || Novice || 2005-04-09<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br />
<br><br />
<br />
== Chapter Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ Chapter Presentations<br />
!width="30%" |Title<br />
!width="30%" |Comment<br />
!width="10%" |Level<br />
!width="10%" |Month (Mon-yyyy)<br />
!width="10%" |Chapter<br />
<br />
|-valign="top"<br />
|[[:Image:Common_Application_Flaws.ppt| Common Application Flaws (Brett Moore) ]] ||OWASP New Zealand chapter presentation on Common Application Flaws|| Novice/Intermediate ||November 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Time_Based_SQL_Injections.ppt| Time Based SQL Injections (Muhaimin Dzulfakar) ]] ||OWASP New Zealand chapter presentation on Time Based SQL Injections|| Intermediate ||September 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Browser_security.ppt| Browser Security (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Browser Security|| Intermediate ||September 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:OWASP_CMH_SQLInjection__20080707.zip| 7/7/2008 SQL Injection (Columbus, OH)]] || SQL Injection Presentation given at the Columbus, OH OWASP Chapter Meeting. Powerpoint, derby DB, and applicable java code. || Novice / Intermediate || July 2008 || [[Columbus]]<br />
|-valign="top"<br />
|[[:Image:OWASP_ellak-Greece.ppt| Detecting Web Application Vulnerabilities Using Open Source Means (Konstantinos Papapanagiotou) ]] ||OWASP Greek Chapter presentation given at the Open Source Software (FLOSS) Conference in Athens|| Novice ||May 2008 || [[Greece]]<br />
|-valign="top"<br />
|[[:Image:Hacking_The_World_With_Flash.ppt| Hacking The World With Flash (Paul Craig) ]] ||OWASP New Zealand chapter presentation on Flash security|| Intermediate ||April 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Web_spam_techniques.ppt| Web Spam Techniques (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Web Spam Techniques|| Intermediate ||April 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Xpath_Injection.ppt| Xpath Injection Overview (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Xpath Injection|| Intermediate ||February 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Owasp security4mobileJava.pdf| Dependability for Java Mobile Code (Pierre Parrend) ]] ||OWASP Swiss chapter presentation on Mobile Java Security || Expert ||July 2007 || [[Switzerland]]<br />
|-valign="top"<br />
|[[:Image:Trust Security Usability - v1.0.pdf|Trust, Security and Usability (Roger Carhuatocto) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:OWASP-tratamiento_de_datos.pdf|Tratamiento seguro de datos en aplicaciones in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Conferencia_OWASP.pdf|Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Seguridad en entornos financieros.pdf|Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Java_Open_Review.ppt|Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting]] || Java Open Review || Intermediate ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Bytecode_injection.ppt|Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007.]] || Bytecode injection || Expert ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Security at the VMM Layer - OWASP.ppt|Security at the VMM Layer by Ted Winograd]] || Security at the VMM Layer || Expert ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:KC June 2007 Evaluating and Tuning WAFs.pdf|Evaluating and Tuning Web Application Firewalls (Barry Archer)]] ||Presentation given at Kansas City June 2007 chapter meeting|| Intermediate ||June 2007 || [[Kansas City]]<br />
|-valign="top"<br />
|[[:Image:OWASP_SDL-IT.pdf|Microsoft Security Development Lifecycle for IT (Rob Labbé)]] ||Presentation by Rob Labbe at Ottawa OWASP Chapter|| Novice ||May 2007|| [[Ottawa]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_Application_DOS.pdf|Application Denial of Service (Shaayy Cheen)]] ||Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_FuzzGuru.pdf|Fuzzing in Microsoft and FuzzGuru framework (John Neystadt)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_AppSec_and_Beyond.pdf|Application Security, not just development (David Lewis)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 Overtaking Google Desktop.pdf|Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 UnregisterAttackInSip.pdf|Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 WAF Positive Security.pdf|Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 DOT NET Reverse Engineering.pdf|.NET Reverse Engineering (Erez Metula)]] ||Presentation given at the Israel Mini Conference in May 2007|| Expert ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 OWASP Introduction.pdf|OWASP introduction (Ofer Shezaf)]] ||2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP BeLux 2007-06-22 Update on Internet Attack Statistics for Belgium in 2006.ppt|Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H)]] || Update on Internet Attack Statistics for Belgium in 2006 || Novice ||May 2007 || [[Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:InfoSec_World_2007_-_Web_services_gateways.ppt Securing Web Services using XML Security Gateways by Tim Bond] || Securing Web Services using XML Security Gateways || Intermediate ||May 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:SwA_Acquisition_WG_-_Overview.ppt Software Assurance in the Acquisition Process by Stan Wisseman] || Software Assurance in the Acquisition Process || Intermediate ||May 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_Legal_Aspects_Jos_Dumortier.zip Legal Aspects of (Web) Application Security by Jos Dumortier] || Legal Aspects of (Web) Application Security || Intermediate ||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_AppSec_Research_Lieven_Desmet.zip AppSec Research (University Leuven Belgium)] || Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet || Expert ||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[[:Image:Scanner-Sparkly.ppt|A Scanner Sparkly]] || A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 || Intermediate ||May 2007 || [[Phoenix]]<br />
|-valign="top"<br />
|[[:Image:Owasp-lessonslearned.ppt|Grey Box Assessment Lessons Learned]] || "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 || Intermediate ||May 2007 || [[Phoenix]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_OWASP_Update.zip OWASP Update and OWASP BeLux Board Presentation (Seba)] || OWASP Update and OWASP BeLux Board Presentation || Novice||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[[:Image:Security Metics- What can we measure- Zed Abbadi.pdf|Metics- What can we measure (Zed Abbadi)]] ||19 April NoVa chapter meeting presentation on Security Metrics || Novice ||April 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Web Services Hacking and Hardening.pdf| Web Services Hacking and Hardening (Adam Vincent) ]] ||3/8/07 NoVA chapter meeting, Adam Vincent from Layer7 || Expert ||March 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_OWASP_Update.zip OWASP Update (Seba)] || OWASP Update || Novice||Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/fe/Pres_20070206_04_svetsch_xss_worms_owasp.zip XSS Worms (Sven Vetsch)] || XSS Worms || Intermediate ||Feb 2007 || [[Switzerland|Switzerland]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_OWASP_Update.zip OWASP Update (Seba)] || OWASP Update || Novice||Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_WebGoat-Pantera.zip WebGoat and Pantera presentation (Philippe Bogaerts)] || WebGoat and Pantera presentation || Novice || Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_AOP_security.zip Security implications of AOP for secure software (Bart De Win)] || Security implications of AOP for secure software || Expert || Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/1/12/OWASP_Denver_Nov-06_presentation.ppt testing for common security flaws (David Byrne)] || testing for common security flaws || Intermediate || Nov 2006 || [[Denver|Denver]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/7/7c/Owasp-olli.pdf 40-ish slides on analyzing threats (Olli)] || Analyzing Threats || Novice || Dec 2006 || [[Helsinki|Helsinki]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/2/2c/KC_Dec2006_Attacking_The_App.pdf Attacking the Application (Dave Ferguson)] || Vulnerabilities, attacks and coding suggestions || Intermediate || Dec 2006 || [[Kansas City|Kansas City]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/6/6a/KC_Dec2006_Ajax_Security_Concerns.pdf Ajax Security Concerns (Rohini Sulatycki)] || Ajax Security Concerns || Intermediate ||Dec 2006 || [[Kansas City|Kansas City]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/8/8c/Anatomy_of_2_Web_App_Testing.zip Anatomy of 2 Web Application Testing (Matteo Meucci)] || Anatomy of 2 Web Application Testing || Intermediate || Mar 2006 || [[Italy|Italy]]<br />
<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || Mon Year || Chapter<br />
|}<br />
<br />
[[Category:OWASP Education Project]]<br />
[[Category:OWASP Presentations]]<br />
[[Category:Chapter Resources]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Education_Presentation&diff=74973OWASP Education Presentation2009-12-08T18:55:39Z<p>Leocavallari: /* OWASP Education Presentations */</p>
<hr />
<div>This page provide a commented overview of the OWASP presentations available.<br><br />
Please use the last line of the tables as template.<br><br />
Presentions can be tracked through:<br />
* the [http://www.owasp.org/index.php/Category:OWASP_Presentations OWASP Presentations Category]<br />
* [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference Past OWASP Conference agenda's]<br />
* From the chapter pages<br />
Everybody is encouraged to link the presentations and add their findings on this page !<br />
There are currently hundreds of presentations all over the OWASP web site. <br />
If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76.<br />
Feel free to “mine” them and add them to the overview.<br />
<br />
== OWASP Education Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Education Presentations<br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:OWASP Overview Winterv1 2009.pptx|OWASP Overview Winter 2009]]|| Updated overview of OWASP || Novice || 2009-12-08<br />
|-valign="top"<br />
|[[:Image:Programa_de_Educacion_OWASP.ppt|Programa de Educacion OWASP]]|| Una introduccion a OWASP para Universidades y Centros Educativos por Fabio Cerullo|| Novice || 2009-03-20<br />
|-valign="top"<br />
|[[:Image:OWASP_Educational_Programme.ppt|OWASP Educational Programme]]|| An introduction to OWASP for Universities & Educational Institutions by Fabio Cerullo|| Novice || 2009-03-20<br />
|-valign="top"<br />
|[[:Image:OWASP Overview Summer 2009.pptx|OWASP Overview Summer 2009]]|| Recent overview of OWASP by Jeff Williams || Novice || 2009-08-25<br />
|-valign="top"<br />
|[[:Image:Education Module Why WebAppSec Matters.ppt|Why WebAppSec Matters]]|| This module explains why security should be considered when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:OWASP-Intro-2008-portuguese.ppt|OWASP Intro 2008 Portuguese]]|| Este módulo é uma intrudução sobre o projeto OWASP. || Novice || 2008-07-06<br />
|-valign="top"<br />
|[[:Image:Education Module OWASP Top 10 Introduction and Remedies.ppt|OWASP Top 10 Introduction and Remedies]]|| This module explains the OWASP Top 10 web application vulnerabilities as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Embed within SDLC.ppt|Embed within SDLC]]|| This module explains the complete approach of Web Application Security when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Good Secure Development Practices.ppt|Good Secure Development Practices]]|| This module explains some good secure development practices when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Testing for Vulnerabilities.ppt|Testing for Vulnerabilities]]|| This module explains application security testing when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|[[:Image:Education Module Good WebAppSec Resources.ppt|Good WebAppSec Resources]]|| This module points you to some good web application security resources when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== OWASP Project Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Project Presentations<br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:Germany 2008 Conference OWASP Introduction v1.pptx|OWASP Introduction]] || OWASP Overview presentation covering OWASP, project parade and OWASP near you. Given by Seba during the Germany 2008 Conference || Novice || 2008-11-25<br />
|-valign="top"<br />
|[[:Image:OWASP Foundation The story so far and beyond - Part 1.ppt|India08 Keynote - Part 1]] || OWASP Overview presentation. Part 1 of 2. Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[[:Image:OWASP Foundation The story so far and beyond - Part 2.ppt|India08 Keynote - Part 2]] || OWASP Overview presentation. Part 2 of 2. Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[[:Image:OWASP India - Tour of OWASP projects.ppt|Tour of OWASP’s projects]] || Given by Dinis and Jason during the India08 Conference || Novice || 2008-08-16<br />
|-valign="top"<br />
|[https://www.owasp.org/images/5/59/RISK_2008_OWASP_Introduction_v1.pptx OWASP @ RISK08 (Norway)] || OWASP introduction at Norway RISK2008 conference by Seba || Novice || 2008-04-23<br />
|-valign="top"<br />
|[[:Image:OWASP NY Keynote.ppt|OWASP NY Keynote by Jeff]] also available in [[:Image:20070620-FR-OWASP NY Keynote.ppt|French]]|| OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse || Novice || 2007-06-12<br />
|-valign="top"<br />
|[http://www.owasp.org/images/a/af/OWASP_Testing_Guide_Presentation.zip The OWASP Testing Guide (Jeff Williams)] || Overview of the OWASP Testing Guide || Novice || 2007-01-23<br />
|-valign="top"<br />
|[http://www.owasp.org/images/e/e9/OWASP_Testing_Guide_Presentation_EUSecWest07.zip The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli)] || Presentation at EUSecWest07 || Intermediate || 2007-03-01<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/3c/OWASP_Flyer_Sep06.ppt OWASP Project Overview] || High level overview of projects and how OWASP works || Novice || 2006-09-19 <br />
|-valign="top"<br />
|[http://www.owasp.org/images/4/49/OWASPAppSec2006Seattle_Security_Metrics.ppt The OWASP Application Security Metrics Project (Bob Austin)] || Presentation on the Application Security Metrics project || Novice || 2006-10-17<br />
|-valign="top"<br />
|[http://www.owasp.org/images/5/53/OWASPAppSecEU2006_CLASP_Project.ppt OWASP CLASP Project (Pravir Chandra)] || OWASP CLASP project presentation given at the 2006 European AppSec conference || Novice || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/30/OWASPAppSec2006Seattle_UsingSprajaxToTestAJAXSecurity.ppt Sprajax (Dan Cornell)] || OWASP Sprajax presentation given at the 2006 Seattle AppSec conference || Intermediate || 2006-10-17<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== OWASP Conference Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ OWASP Conference Presentations <br />
!width="30%" | Title<br />
!width="40%" | Comment<br />
!width="15%" | Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan ModSecurityCoreRuleSet.ppt | Mod Security Core Rule Set (Ofer Shezaf)]] ||Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007.|| Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OWASPTestingGuide2v1.ppt | OWASP Testing Guide v2.1 (Matteo Meucci)]] ||Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan CLASP.ppt | CLASP (Pravir Chandra)]] ||Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan AdvancedWebHacking.ppt | Advanced Web Hacking (PDP)]] ||PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan XMLSecurityGatewayEvalCriteria.ppt | XML Security Gateway Evaluation Criteria (Gunnar Peterson)]] ||Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan TestingFlashApplications.ppt | Testing Flash Applications (Stephano Di Paolo)]] ||Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert|| 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OvertakingGoogleDesktop.ppt | Overtaking Google Desktop (Yair Amit)]] ||Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Expert || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan MS ACETeamAppSecfromTheCore.ppt | ACE Team Application Security from the Core (Simon Roses Femerling)]] ||Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan Pantera.ppt | Pantera (Simon Roses Femerling)]] ||Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan ProtectingWebAppsfromUniversalPDFXSS.ppt | Protecting Web applications from universal PDF XSS (Ivan Ristic)]] ||Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SoftwareSecurity.ppt | Software Security (Rudolph Araujo)]] ||Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan WebGoatv5.ppt | WebGoat v5 (Dave Wichers)]] ||WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan WebScarabNG.ppt | WebScarab NG (Dave Wichers)]] ||Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007.|| Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SANS SPSA Initiative.ppt | SANS SPSA Initiative (Dave Wichers)]] ||Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007.|| Novice || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan OWASPItalyActivities.ppt | OWASP Italy Activities (Raoul Chiesa)]] ||Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country.|| Novice || 2007-05-16<br />
|-valign="top"<br />
|[[:Image:OWASPAppSec2007Milan SecurityEngineeringInVista.ppt | Security engineering in Vista (Alex Lucas)]] ||Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. || Intermediate || 2007-05-16<br />
|-valign="top"<br />
|[http://www.owasp.org/images/5/5f/OWASPAppSec2006Seattle_SecurityEngineeringInVista.ppt How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard)] || Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/34/OWASPAppSecEU2006_Bootstrapping_the_Application_Assurance_Process.ppt Bootstrapping the Application Assurance Process (Sebastien Deleersnyder)] || Presentation given during the European 2006 AppSec conference on the application assurance process || Novice || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/8/8b/OWASPAppSecEU2006_InlineApproachforSecureSOAPRequests.ppt Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France)] || Presentation given at the European 2006 AppSec conference about security and soap message structure issues || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/9/9c/OWASPAppSecEU2006_WAFs_WhenAreTheyUseful.ppt Web Application Firewalls:When Are They Useful? (Ivan Ristic)] || Presentation about Web Application Firewalls || Novice || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt HTTP Message Splitting, Smuggling and Other Animals (Amit Klein)] || A presentation about Message splitting other attacks around the HTTP protocol || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f6/OWASPAppSec2006Seattle_WebAppForensics.ppt Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis)] || Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/d/d2/OWASPAppSecEU2006_CanTestingToolsReallyFindOWASPTop10.ppt Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) ] || A talk about how automated testing tools stack up against the OWASP top 10 || Intermediate || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/2/28/OWASPAppSecEU2006_RequestRodeo.ppt RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter)] || Presentation given about how Sessions can be hi-jacked, etc... || Novice || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/6/62/OWASPAppSecEU2006_SecurityTestingthruAutomatedSWTests.ppt Security Testing through Automated Software Tests (Stephen de Vries)] || Presentation given at the 2006 EuSec conference || Intermediate || 2006-05-31<br />
|-valign="top"<br />
|[http://www.owasp.org/images/0/0e/AppSec2005DC-Jeremy_Poteet-In_the_Line_of_Fire.ppt In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet)] || Conference given at the 2005 DC AppSec conference || Novice || 2005-10-1<br />
|-valign="top"<br />
|[http://www.owasp.org/images/9/93/AppSec2005DC-Matt_Fisher-Google_Hacking_and_Worms.ppt Google Hacking and Web Application Worms (Matt Fisher)] || Talk given at the 2005 DC AppSec conference || Novice || 2005-10-01<br />
|-valign="top"<br />
|[http://www.owasp.org/images/0/05/AppSec2005DC-Anthony_Canike-Enterprise_AppSec_Program.ppt Establishing an Enterprise Application Security Program (Tony Canike)] || Talk given at the 2005 DC AppSec Conference || Novice || 2005-10-01<br />
|-valign="top"<br />
|[https://owasp.org/images/0/0d/OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers)] || Dave's talk on AJAX given at the Seattle 2006 AppSec conference || Intermediate || 2006-10-01<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br><br />
<br />
== Web Application Security Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ Web Application Security Presentations <br />
!width="30%" |Title<br />
!width="40%" |Comment<br />
!width="15%" |Level<br />
!width="15%" |Date (yyyy-mm-dd)<br />
|-valign="top"<br />
|[[:Image:Protecting Web Applications from Universal PDF XSS.ppt| Universal PDF XSS by Ivan Ristic]] || Protecting Web Applications from Universal PDF XSS || Intermediate || 2007-06-28<br />
|-valign="top"<br />
|[[:Image:IdM-OWASP.v.0.2.14.pdf|Identity Management Basics (Derek Brown)]] ||Identity Management Basics|| Novice || 2007-05-09<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt Advanced SQL Injection (Victor Chapela)] || Detailed methodology for analyzing applications for SQL injection vulnerabilities || Expert || 2005-11-04<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/7/7d/Advanced_Topics_on_SQL_Injection_Protection.ppt Advanced Topics on SQL Injection Protection (Sam NG)] || 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. || Intermediate || 2006-02-27<br />
|-valign="top"<br />
|[[http://www.owasp.org/images/d/d1/AppSec2005DC-Alex_Stamos-Attacking_Web_Services.ppt Attacking Web Services (Alex Stamos)] || Web Services Introduction and Attacks || Intermediate || 2005-10-11<br />
|-valign="top"<br />
|[http://www.owasp.org/images/7/72/MMS_Spoofing.ppt MMS Spoofing (Matteo Meucci)] || A Case-study of a vulnerable web application || Intermediate<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f9/OWASPAppSecEU2006_AJAX_Security.ppt Ajax Security (Andrew van der Stock)] || Presentation on Ajax security for OWASP AppSec Europe 2006 || Intermediate || 2006-05-30<br />
|-valign="top"<br />
|[http://www.owasp.org/images/3/3a/OWASPAppSec2006Seattle_Web_Services_Security.ppt Advanced Web Services Security & Hacking (Justin Derry)] || Presentation given on Webservice security at the Seattle 2006 AppSec conference || Intermediate || 2006-10-18<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/f6/Integration_into_the_SDLC.ppt Integration into the SDLC (Eoin Keary)] || A presentation about why and how to integrate the SDLC. || Novice || 2005-04-09<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || yyyy-mm-dd<br />
|}<br />
<br />
<br />
<br><br />
<br />
== Chapter Presentations ==<br />
{|class="wikitable sortable" style="text-align: top;" border="1" cellpadding="2"<br />
|+ Chapter Presentations<br />
!width="30%" |Title<br />
!width="30%" |Comment<br />
!width="10%" |Level<br />
!width="10%" |Month (Mon-yyyy)<br />
!width="10%" |Chapter<br />
<br />
|-valign="top"<br />
|[[:Image:Common_Application_Flaws.ppt| Common Application Flaws (Brett Moore) ]] ||OWASP New Zealand chapter presentation on Common Application Flaws|| Novice/Intermediate ||November 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Time_Based_SQL_Injections.ppt| Time Based SQL Injections (Muhaimin Dzulfakar) ]] ||OWASP New Zealand chapter presentation on Time Based SQL Injections|| Intermediate ||September 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Browser_security.ppt| Browser Security (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Browser Security|| Intermediate ||September 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:OWASP_CMH_SQLInjection__20080707.zip| 7/7/2008 SQL Injection (Columbus, OH)]] || SQL Injection Presentation given at the Columbus, OH OWASP Chapter Meeting. Powerpoint, derby DB, and applicable java code. || Novice / Intermediate || July 2008 || [[Columbus]]<br />
|-valign="top"<br />
|[[:Image:OWASP_ellak-Greece.ppt| Detecting Web Application Vulnerabilities Using Open Source Means (Konstantinos Papapanagiotou) ]] ||OWASP Greek Chapter presentation given at the Open Source Software (FLOSS) Conference in Athens|| Novice ||May 2008 || [[Greece]]<br />
|-valign="top"<br />
|[[:Image:Hacking_The_World_With_Flash.ppt| Hacking The World With Flash (Paul Craig) ]] ||OWASP New Zealand chapter presentation on Flash security|| Intermediate ||April 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Web_spam_techniques.ppt| Web Spam Techniques (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Web Spam Techniques|| Intermediate ||April 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Xpath_Injection.ppt| Xpath Injection Overview (Roberto Suggi Liverani) ]] ||OWASP New Zealand chapter presentation on Xpath Injection|| Intermediate ||February 2008 || [[New Zealand]]<br />
|-valign="top"<br />
|[[:Image:Owasp security4mobileJava.pdf| Dependability for Java Mobile Code (Pierre Parrend) ]] ||OWASP Swiss chapter presentation on Mobile Java Security || Expert ||July 2007 || [[Switzerland]]<br />
|-valign="top"<br />
|[[:Image:Trust Security Usability - v1.0.pdf|Trust, Security and Usability (Roger Carhuatocto) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:OWASP-tratamiento_de_datos.pdf|Tratamiento seguro de datos en aplicaciones in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Conferencia_OWASP.pdf|Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Seguridad en entornos financieros.pdf|Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish]]||OWASP Spain chapter meeting (July'07) || Intermediate ||July 2007 || [[Spain]]<br />
|-valign="top"<br />
|[[:Image:Java_Open_Review.ppt|Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting]] || Java Open Review || Intermediate ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Bytecode_injection.ppt|Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007.]] || Bytecode injection || Expert ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Security at the VMM Layer - OWASP.ppt|Security at the VMM Layer by Ted Winograd]] || Security at the VMM Layer || Expert ||June 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:KC June 2007 Evaluating and Tuning WAFs.pdf|Evaluating and Tuning Web Application Firewalls (Barry Archer)]] ||Presentation given at Kansas City June 2007 chapter meeting|| Intermediate ||June 2007 || [[Kansas City]]<br />
|-valign="top"<br />
|[[:Image:OWASP_SDL-IT.pdf|Microsoft Security Development Lifecycle for IT (Rob Labbé)]] ||Presentation by Rob Labbe at Ottawa OWASP Chapter|| Novice ||May 2007|| [[Ottawa]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_Application_DOS.pdf|Application Denial of Service (Shaayy Cheen)]] ||Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_FuzzGuru.pdf|Fuzzing in Microsoft and FuzzGuru framework (John Neystadt)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP_IL_7_AppSec_and_Beyond.pdf|Application Security, not just development (David Lewis)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 Overtaking Google Desktop.pdf|Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 UnregisterAttackInSip.pdf|Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 WAF Positive Security.pdf|Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 DOT NET Reverse Engineering.pdf|.NET Reverse Engineering (Erez Metula)]] ||Presentation given at the Israel Mini Conference in May 2007|| Expert ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP IL 7 OWASP Introduction.pdf|OWASP introduction (Ofer Shezaf)]] ||2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya|| Intermediate ||May 2007 || [[Israel]]<br />
|-valign="top"<br />
|[[:Image:OWASP BeLux 2007-06-22 Update on Internet Attack Statistics for Belgium in 2006.ppt|Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H)]] || Update on Internet Attack Statistics for Belgium in 2006 || Novice ||May 2007 || [[Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:InfoSec_World_2007_-_Web_services_gateways.ppt Securing Web Services using XML Security Gateways by Tim Bond] || Securing Web Services using XML Security Gateways || Intermediate ||May 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:SwA_Acquisition_WG_-_Overview.ppt Software Assurance in the Acquisition Process by Stan Wisseman] || Software Assurance in the Acquisition Process || Intermediate ||May 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_Legal_Aspects_Jos_Dumortier.zip Legal Aspects of (Web) Application Security by Jos Dumortier] || Legal Aspects of (Web) Application Security || Intermediate ||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_AppSec_Research_Lieven_Desmet.zip AppSec Research (University Leuven Belgium)] || Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet || Expert ||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[[:Image:Scanner-Sparkly.ppt|A Scanner Sparkly]] || A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 || Intermediate ||May 2007 || [[Phoenix]]<br />
|-valign="top"<br />
|[[:Image:Owasp-lessonslearned.ppt|Grey Box Assessment Lessons Learned]] || "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 || Intermediate ||May 2007 || [[Phoenix]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_OWASP_Update.zip OWASP Update and OWASP BeLux Board Presentation (Seba)] || OWASP Update and OWASP BeLux Board Presentation || Novice||May 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[[:Image:Security Metics- What can we measure- Zed Abbadi.pdf|Metics- What can we measure (Zed Abbadi)]] ||19 April NoVa chapter meeting presentation on Security Metrics || Novice ||April 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[[:Image:Web Services Hacking and Hardening.pdf| Web Services Hacking and Hardening (Adam Vincent) ]] ||3/8/07 NoVA chapter meeting, Adam Vincent from Layer7 || Expert ||March 2007 || [[Virginia (Northern Virginia)]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_OWASP_Update.zip OWASP Update (Seba)] || OWASP Update || Novice||Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/f/fe/Pres_20070206_04_svetsch_xss_worms_owasp.zip XSS Worms (Sven Vetsch)] || XSS Worms || Intermediate ||Feb 2007 || [[Switzerland|Switzerland]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_OWASP_Update.zip OWASP Update (Seba)] || OWASP Update || Novice||Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_WebGoat-Pantera.zip WebGoat and Pantera presentation (Philippe Bogaerts)] || WebGoat and Pantera presentation || Novice || Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_AOP_security.zip Security implications of AOP for secure software (Bart De Win)] || Security implications of AOP for secure software || Expert || Jan 2007 || [[Belgium|Belgium]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/1/12/OWASP_Denver_Nov-06_presentation.ppt testing for common security flaws (David Byrne)] || testing for common security flaws || Intermediate || Nov 2006 || [[Denver|Denver]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/7/7c/Owasp-olli.pdf 40-ish slides on analyzing threats (Olli)] || Analyzing Threats || Novice || Dec 2006 || [[Helsinki|Helsinki]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/2/2c/KC_Dec2006_Attacking_The_App.pdf Attacking the Application (Dave Ferguson)] || Vulnerabilities, attacks and coding suggestions || Intermediate || Dec 2006 || [[Kansas City|Kansas City]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/6/6a/KC_Dec2006_Ajax_Security_Concerns.pdf Ajax Security Concerns (Rohini Sulatycki)] || Ajax Security Concerns || Intermediate ||Dec 2006 || [[Kansas City|Kansas City]]<br />
|-valign="top"<br />
|[http://www.owasp.org/images/8/8c/Anatomy_of_2_Web_App_Testing.zip Anatomy of 2 Web Application Testing (Matteo Meucci)] || Anatomy of 2 Web Application Testing || Intermediate || Mar 2006 || [[Italy|Italy]]<br />
<br />
|-valign="top"<br />
|Example (include link) || Fill in your comments || Novice/Intermediate/Expert || Mon Year || Chapter<br />
|}<br />
<br />
[[Category:OWASP Education Project]]<br />
[[Category:OWASP Presentations]]<br />
[[Category:Chapter Resources]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=File:OWASP_Overview_Winter_2009v1.pptx&diff=74971File:OWASP Overview Winter 2009v1.pptx2009-12-08T18:52:06Z<p>Leocavallari: </p>
<hr />
<div></div>Leocavallarihttps://wiki.owasp.org/index.php?title=GPC_Agenda_2009-11-23&diff=73995GPC Agenda 2009-11-232009-11-23T19:12:49Z<p>Leocavallari: /* Current Meeting */</p>
<hr />
<div>== Previous meetings and Dial-in details ==<br />
see [[:Category:GPC_Meetings|GPC Meetings]] for previous GPC Meetings Agenda '''and the Dial-In details''' <br />
<br />
= Agenda =<br />
<br />
== Current Meeting ==<br />
<br />
*[[:Summit 2009|"OWASP Mini-Summit 2009"]]/[[:OWASP AppSec DC 2009]] - Wrap-up:<br />
**Decisions made in DC with impact on GPC activity, <br />
**Has the GPC had the opportunity to contact M. Bobersky to answer his questions? [https://docs.google.com/a/owasp.org/Doc?docid=0AX4Puwz7EA41ZGNuODk2MmNfNTRjZGd0OTdkcw&hl=en M. Boberski's questions]<br />
<br />
* Leo wants to discuss about issues on usage of OWASP resources. Is this the right forum?<br />
**Brazilian AppSec Conference<br />
**Brazilian book that has a translated version of Top10 "integrally", without any reference to OWASP<br />
<br />
----<br />
<br />
*Projects<br />
** [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Project_Details|OWASP ModSecurity Core Rule Set Project]] is ready for assessment and needs a GPC reviewer. Volunteers?<br />
** [[:Category:OWASP Content Validation using Java Annotations Project|OWASP Content Validation using Java Annotations Project]] is ready for assessment and needs '''TWO''' GPC reviewers as it hasn't been possible to find any volunteers within our project leaders. Volunteers?<br />
<br />
** Releases translation process<br />
*** Shall we handle this or let with other Committe?<br />
*** Define process only for docs or also tools?<br />
<br />
----<br />
*Project Reviewers,<br />
** In the sequence of suggestions and comments previously made by Tom and Brad and Matt, I've created a [[OWASP Project Reviewers Database|first straw of the page]] to receive information about hypothetical volunteer project reviewers.<br />
***Please check it out and let me know if you think any changes have to be made. <br />
***Also, it seems to me that the next phases of this process could consist in pushing it forward by using this page to describe the review job role and, thereafter, by doing a call for reviewers through our leaders' mailing list.<br />
***If you agree with this methodology I ask if one of you have the spare cycles to produce the above referred job description. Later on a text to support the call for reviewers will also be needed - I will produce a first draft for your comments if nobody assumes first the task.<br />
<br />
----<br />
*GPC participation at the [http://www.ibwas.com/index.html Iberic Web Application Security] conference (IBWAS09): <br />
**For GPC's information, Paulo is partially using his time to assist the conference management team. <br />
**We need a 1h slide deck about OWASP projects to be delivered at the next AppSec Conference in Madrid.<br />
<br />
== From Previous Meeting/Follow up ==<br />
<br />
*Spreading [[:Template:OWASP Project Identification Tab|OWASP Project Details Tab]] through [[OWASP Projects Dashboard|ALL OWASP Projects]]. <br />
**Revised&improved wiki code to link projects and releases - Has this task been finished? Are there any available instructions/documentation?<br />
<br />
= Issues for next Meeting =<br />
<br />
*Add here<br />
<br />
= Minutes =<br />
<br />
*Meeting started 10H PM/GMT <br />
*Add here<br />
<br />
__NOTOC__ <br />
<br />
[[Category:GPC_Meetings]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment&diff=73928Category:OWASP JBroFuzz Project - Version 1.7 Release - Assessment2009-11-21T15:17:21Z<p>Leocavallari: /* Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 */</p>
<hr />
<div><small>[[:Category:OWASP JBroFuzz|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[mailto:yiannis@owasp.org Subere]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= Yes; there a lot of information regarding how to use JBroFuzz, an FAQ section a Help section as well as an online tutorial that still needs a lot of work!<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= GNU GPL v3<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= For the source code: http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/<br />
<br />
| 4. Is there working code? <br />
= Yes; currently in its 179 revision, according to the subversion repository.<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= Yes; most of the roadmap has now being delivered with the continuous addition of enhancements (e.g. the encoder window)<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= I believe so, yes.<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= Both an installer and a stand-alone executable as well as a jar standalone executable.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= An FAQ section and a Help section, as well as an ongoing tutorial guide that can be found: http://www.owasp.org/index.php/OWASP_JBroFuzz_Tutorial<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= Yes, the about box carries version information, production alias email, the license as well as a disclaimer.<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= Yes; using apache ant and running '>ant' after the source code has been downloading. This is also documented on the website.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= Yes; the faq and help sections are stored in the same repository as the source code. The java-doc is derived from the source code. The fuzzing payloads are stored within the repository.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= I would say, yes.<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= Yes; under Help -> FAQ and Help -> Topics<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= Yes; using apache ant and a standard build.xml file<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= Yes.<br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= Yes; for example running the tool from command line with more memory; running the jar file in order to pass a SOCKS5 proxy configuration, etc.<br />
<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Mtesauro|Matt Tesauro]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= (answer #2)<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= (answer #3) <br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= (answer #4)<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= (answer #5)<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari Militelli]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Yes, in a form of Java executable jar file and a MSI Installable package for Windows.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes. I recommend to link the tutorial and FAQ to main link section on Project Details, while the videos linked on Main links sections are outdated and do not present the current version. Also, the tutorial and documentation have gaps to be improved.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= No. The documentation regarding the source code was not found in the wiki, tool repository (sourceforge), or within the downloadable files. It assumes that the user already know what's a fuzzer and how to use it.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= No. The documentation is only available into the Wiki and doesn't explain how to build from source code. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= <br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes, at Sourceforge<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, since it helps on fuzzing values during an application security assessment, thus automatizing attack variants discovery.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= The tool is doing very well, but I missed documentation about source code and a more concise user guide. It can go up the ladder for Release Quality, but I'd like to see a improved documentation when possible.<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment&diff=73927Category:OWASP JBroFuzz Project - Version 1.7 Release - Assessment2009-11-21T15:15:50Z<p>Leocavallari: /* Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 */</p>
<hr />
<div><small>[[:Category:OWASP JBroFuzz|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[mailto:yiannis@owasp.org Subere]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= Yes; there a lot of information regarding how to use JBroFuzz, an FAQ section a Help section as well as an online tutorial that still needs a lot of work!<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= GNU GPL v3<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= For the source code: http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/<br />
<br />
| 4. Is there working code? <br />
= Yes; currently in its 179 revision, according to the subversion repository.<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= Yes; most of the roadmap has now being delivered with the continuous addition of enhancements (e.g. the encoder window)<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= I believe so, yes.<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= Both an installer and a stand-alone executable as well as a jar standalone executable.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= An FAQ section and a Help section, as well as an ongoing tutorial guide that can be found: http://www.owasp.org/index.php/OWASP_JBroFuzz_Tutorial<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= Yes, the about box carries version information, production alias email, the license as well as a disclaimer.<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= Yes; using apache ant and running '>ant' after the source code has been downloading. This is also documented on the website.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= Yes; the faq and help sections are stored in the same repository as the source code. The java-doc is derived from the source code. The fuzzing payloads are stored within the repository.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= I would say, yes.<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= Yes; under Help -> FAQ and Help -> Topics<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= Yes; using apache ant and a standard build.xml file<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= Yes.<br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= Yes; for example running the tool from command line with more memory; running the jar file in order to pass a SOCKS5 proxy configuration, etc.<br />
<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Mtesauro|Matt Tesauro]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= (answer #2)<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= (answer #3) <br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= (answer #4)<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= (answer #5)<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari Militelli]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Yes, in a form of Java executable jar file and a MSI Installable package for Windows.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes. I recommend to link the tutorial to the main link section on Project Details, while the videos linked on Main links sections are outdated and do not present the current version. Also, the tutorial and documentation have gaps to be improved.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= No. The documentation regarding the source code was not found in the wiki, tool repository (sourceforge), or within the downloadable files. It assumes that the user already know what's a fuzzer and how to use it.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= No. The documentation is only available into the Wiki and doesn't explain how to build from source code. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= <br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes, at Sourceforge<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, since it helps on fuzzing values during an application security assessment, thus automatizing attack variants discovery.<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= The tool is doing very well, but I missed documentation about source code and a more concise user guide. It can go up the ladder for Release Quality, but I'd like to see a improved documentation when possible.<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_JBroFuzz_Tutorial&diff=73926OWASP JBroFuzz Tutorial2009-11-21T15:02:34Z<p>Leocavallari: </p>
<hr />
<div>[[Category:OWASP JBroFuzz]]<br />
<br />
== JBroFuzz Tutorial ==<br />
=== Introduction ===<br />
''“If you can’t fuzz with JBroFuzz, you probably do not want to fuzz!”'' <br />
<br />
<div align="right">Old JBroFuzz Motto </div><br />
<br />
<br />
The art of teaching, Mark Van Doren said, is the art of assisting discovery. Fuzzing is a representative discipline towards assisting the discovery of security vulnerabilities, that is just beginning to come of age. Over the last two years, through continuous development, JBroFuzz has attempted to expose the intrinsic beauty of the subject: Constantly submit a vast amount of payloads to a service, device or prompt, waiting for the one response that makes all the difference. This is the mentality that JBroFuzz embraces and attempts to offer back to security professionals. <br />
<br />
Fuzzing as a concept goes beyond a conventional work flow or a standard methodology. I would argue that to know how to fuzz well, is to master a new language. Thus, similar to the process of learning a programming (or foreign) language, there are three things you must master: <br />
<br />
• Grammar: How fuzzing as a process is structured<br><br />
• Vocabulary: How to name fuzzing concepts you want to use<br><br />
• Usage: Ways of achieving everyday effective results with fuzzing<br><br />
<br />
[[Image:001-JBroFuzz-Tutorial.jpg|300px|right|JBroFuzz Splash Screen]]From the pre-existing information available for JBroFuzz, this tutorial focuses on usage: How to best put a fuzzing tool to good use, either via the UI, or using APIs that ''JBroFuzz.jar'' is constituted of. As a result, this document has a small requirement as a caveat; you need to have a beginner level understanding of the Java programming language in order to understand some sections. <br />
<br />
There are a number of working examples described here within, which '''grep''' for statements such as “''<nowiki>public static void main(String[] args)</nowiki>''”. The majority of the content relates to reviewing these examples and putting the Java syntax into a fuzzing perspective. <br />
<br />
To summarise, this tutorial focuses on customary and effective usage of fuzzing through the JBroFuzz Java APIs and the respective UI. It is targeting (without attacking them) web applications. Without further redo, let’s get fuzzing! <br />
<br />
=== 'Hello Google!' (forget 'Hello World') ===<br />
As the traditional first program that you learn when indulging in a new programming language, 'Hello World!' represents the norm for understanding the basic output operations and syntax (let alone compiler and execution behaviour) of the language in question. <br />
<br />
As with most web application security related tools, when I am given the responsibility to run them, often in order to understand how they work, I would first craft a legitimate, single request to a trusted (to be up and behaving) popular Internet location. Needless, to say this request more than on occasion finds itself on Google servers. <br />
<br />
So 'Hello World!' for programming languages seems to transform to 'Hello Google!' for understanding how web application security related tools work. Let us see, how JBroFuzz does it. <br />
<br />
• Double-click on JBroFuzz and browse to the 'Fuzzing' tab<br />
<br />
JBroFuzz is constituted of tabs, typically located in the bottom or top (if you bother to change the settings) of the main window. <br />
<br />
The 'Fuzzing' tab is where you craft your request message to a particular host. Once that is in place, you can select any part of the request and proceed into adding any number of payloads. We shall see how in later sections.<br />
<br />
• In the 'URL' field type: http://www.google.com/ http://www.google.com<br />
<br />
Unlike conventional URLs, the URL field in JBroFuzz is only used for the underlying protocol (HTTP or HTTPS), host name (e.g. www.yahoo.com) and (optionally) port number.<br />
<br />
All remaining information pasted or typed into the 'URL' field will be ignored; you are expected to enter it in the 'Request' field below.<br />
<br />
<nowiki>Still, if you want to just copy-paste a URL from a browser, hit [Ctrl+L] while you are not fuzzing, paste the URL value that you have copied from a browser and JBroFuzz will automatically do the work for you. </nowiki><br />
<br />
Examples of valid URL values to be put in the<br />
<br />
Treat the 'URL' and 'Request' fields as the two stages of a 'telnet' session on port 80; you are effectively using the 'URL' field to specify the equivalent of: <br />
<br />
<tt>>telnet www.google.com 8088</tt><br />
<br />
As equivalent to:<br />
<br />
<code><br />
http://www.google.com:8088<br><br />
</code><br />
<br />
or in the case of HTTPS:<br />
<br />
<code><br />
https://www.google.com:8088<br><br />
</code><br />
<br />
Naturally, default ports for HTTP is 80 and HTTPS is 443.<br />
<br />
• In the 'Request' field type: <br />
<br />
<code><br />
GET / HTTP/1.0<br><br />
<br><br />
</code><br />
<br />
And press 'Enter' twice<br />
<br />
This is where the body of the message you are sending is to be placed. So anything obeying HTTP/S protocol, such as GET and POST requests, header fields and/or HTML content should be included here.<br />
<br />
As part of the process of fuzzing web applications with JBroFuzz you need to have done your homework, in terms of providing a base request message. This message is what will be used later on to add payloads to particular sections of the request.<br />
<br />
<nowiki>• Hit 'Start' [Ctrl+Enter]</nowiki><br />
<br />
This will instigate the process of sending a single request to the specified host on a given (or default) port, over HTTP or HTTPS.<br />
<br />
Once a connection has been established JBroFuzz will proceed to submit the message you have typed into the 'Request' field.<br />
<br />
Finally, JBroFuzz will log all data sent and received into a file; accessing this file is typically a process of double clicking on the output line on the table at the bottom section of the 'Fuzzing' tab.<br />
<br />
You should see a response received in the bottom part of the 'Fuzzing' panel. Double click (or right click for more options) to see the information exchanged; typically this would be a 302 redirect pointing you to another location. Congratulations, you have just said "Hello" to Google! <br />
<br />
[[Image:002-JBroFuzz-Tutorial.png|500px|JBroFuzz Hello Google!]]<br />
<br />
Now this would typically be enough under RFC rules, to get a response back; but damn all the bots out here, most websites require further information to respond back. So, in the 'Request' field let's pretend to be a (kind of) legitimate browser by typing: <br />
<br />
<code><br />
GET / HTTP/1.0<br><br />
Host: www.google.com<br><br />
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) JBroFuzz/1.5<br><br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-gb,en;q=0.5Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br><br />
<br><br />
</code><br />
<br />
Not forgetting to end the request typed with two returns: Press 'Enter' twice. Again, you should be able to see a line added with the response received back. <br />
<br />
Practice sending single requests to a website of your choice by changing the URL and also the 'Host:' field from the 'Request' above. Also try accessing an HTTPS website. <br />
<br />
<nowiki>Alternatively, you can use the shortcut [Ctrl+L] to type in your URL, with the 'Request' field filled automatically, based on the URL you have typed. </nowiki><br />
<br><br />
=== HTTP Version Numbers & www.cia.gov Headerless Responses ===<br />
For web applications, very often ill-defined requests submitted over the Internet, will trigger semi-legitimate responses that actually do not obey HTTP RFC protocol specification. Often, even though this is not the case in this example, these responses can lead to the identification of one or more security vulnerabilities.<br />
<br />
In this example we test for the responses received for invalid HTTP version numbers on a particular website, namely www.cia.gov, over https. Now a word of caution here; please do not attempt to fuzz web applications that you do not have the authority to do so, especially over the Internet. <br />
<br />
Still, for the purposes of this tutorial exercise, we will subject a web server to no more than a dozen or so requests. These requests would be otherwise identical, if it was not for the HTTP version number incrementing by a value of 1 on each request. <br />
<br />
In terms of having the authority to do so, well this is identical to hitting 'Refresh' in your web browser a dozen or so times, while you are browsing to www.cia.gov. I do not consider this remotely close to any form of hacking, cracking, or proper fuzzing; web servers across the globe receive a lot more abuse than this on a daily basis. <br />
<br />
Finally, by the time you are reading this, the particular issue described might have been fixed. So here goes:<br />
<br />
• Within JBroFuzz, select: <br />
<br />
<code><br />
File -> Open Location [Ctrl+L]<br><br />
</code><br />
<br />
Type: https://www.cia.gov and hit enter. This is depicted in the following screenshot:<br />
<br />
[[Image:003-JBroFuzz-Tutorial.png|JBroFuzz Open Location]]<br />
<br />
Hitting 'Enter' should automatically populate the 'URL' field and the 'Request' field within the 'Fuzzing' tab. What you see is the base request that we intend to add fuzzing payloads to. Before we do so, let us make one small alteration first:<br />
<br />
• Modify the first line of the 'Request' field to:<br />
<br />
<code><br />
GET / HTTP/0.0<br><br />
</code><br />
<br />
Our objective is to enumerate the supported by the web server (in this case www.cia.gov) HTTP version numbers, following the two digit format that it has. We could be a lot more agressive here and test for buffer overflows and all types of injection; that would be out of line without the authority to do so. Instead we are going to see how JBroFuzz will iterate through the values of 0.0 to 1.4 by means of adding a Fuzzer to our base request.<br />
<br />
• Highlight the second zero from the line 'GET / HTTP/0.0' and right-click, selecting 'Add'. This is depicted in the screeshot below:<br />
<br />
[[Image:004-JBroFuzz-Tutorial.png|400px|Adding a Fuzzer to the HTTP version number]]<br />
<br />
• From the appearing 'Add a Fuzzer' window, select as 'Category Name', in the most left column 'Base' and as 'Fuzzer Name' in the middle column 'Base 10 (Decimal) Alphabet.<br />
<br />
• Click on 'Add Fuzzer' on the bottom right of the window<br />
<br />
[[Image:005-JBroFuzz-Tutorial.png|400px|Adding a Fuzzer]]<br />
<br />
This should add a Fuzzer of length 1 that iterates over the decimal (i.e. base 10) numbers 0 to 9. If we have added a hexadecimal Fuzzer instead of a decimal one (i.e. base 16) the iteration would from 0 to F. If we had selected two digits instead of one and proceeded to add a decimal Fuzzer, the iteration would be from:<br />
<br />
<code><br />
00<br><br />
01<br><br />
..<br><br />
98<br><br />
99<br><br />
</code><br />
<br />
From a User Interface (UI) perspective you should see a line added to the 'Added Payloads Table'. <br />
<br />
• Click 'Start' [Ctrl+Enter]<br />
<br />
This process will send 10 requests to the specified web server changing only first line of the request to:<br />
<br />
<code><br />
GET / HTTP/0.0...<br><br />
GET / HTTP/0.1...<br><br />
...<br><br />
GET / HTTP/0.8...<br><br />
GET / HTTP/0.9...<br><br />
</code><br />
<br />
While this is ongoing, you can sort the results by 'No' in the 'Output' table in the bottom of the 'Fuzzing' tab. This should enable you to see what request is currently being transmitted and received in real time.<br />
<br />
Once complete, change the first line of the 'Request' field to read:<br />
<br />
<code><br />
GET / HTTP/1.0<br><br />
</code><br />
<br />
• Click 'Start' [Ctrl+Enter]<br />
<br />
The resulting output should resemble the following screenshot:<br />
<br />
[[Image:006-JBroFuzz-Tutorial.png|500px|JBroFuzz Output from a Fuzzing Session]]<br />
<br />
Straight away we can notice a difference in the response size: For HTTP version numbers 0.0 to 0.9 we are getting back what seems fairly big in size responses; 32222 bytes in size worth of responses, given that HTTP protocol version 0.0 to 0.8 do not officially exist!<br />
<br />
By double-clicking on one of these requests, we can see that the web server in question is responding back with no headers, yet returning a full HTML body; this represents the 32222 bytes of response of data we are receiving back. The following screenshot illustrates this:<br />
<br />
[[Image:007-JBroFuzz-Tutorial.png|300px|JBroFuzz Output for a Single Request/Response]]<br />
<br />
Using the 'Graphing' tab we can proceed to graph the particular requests and responses for this given session. <br />
<br />
• Within the 'Graphing' tab, click 'Start' [Ctrl+Enter]. <br />
<br />
• Select the directory corresponding to the Output folder we have used for this fuzzing session. This will typically be the last one.<br />
<br />
• Right-click and select 'Graph'<br />
<br />
Once complete, browse to the 'Response Size' tab within the 'Graphing' tab, as illustrated in the screenshot below:<br />
<br />
[[Image:008-JBroFuzz-Tutorial.png|300px|JBroFuzz Graphing different 'Response Sizes']]<br />
<br />
To re-iterate this does not present a security vulnerability in any shape or form; merely the fact that by manipulating HTTP version numbers as part of the request we transmit, we can impact the response that we get back. In this case, what changes is the non-existent header fields, with some HTML content being received back.<br />
<br />
If I was to guess what is causing this, I would say that some sort of load balancing or content delivery is not happening as it should when non-existent version numbers are being transmitted.<br />
<br />
===How to Use JBroFuzz as a Fuzzing Library===<br />
<br />
Quite often what you need to do in terms of fuzzing, far exceeds the User Interface (UI) of JBroFuzz. For this reason, a set of core fuzzing APIs have been made available that can be used for more advanced fuzzing scenarios.<br />
<br />
The JBroFuzz.jar standalone archive (made available with every release) carries a core fuzzing library that holds a number of key classes. These are located under:<br />
<br />
<pre><br />
org.owasp.jbrofuzz.core.*;<br />
-Database.java<br />
-Fuzzer.java<br />
-NoSuchFuzzerException.java<br />
-Prototype.java<br />
</pre><br />
<br />
The class of importance is Fuzzer.java. Within JBroFuzz a Fuzzer is an instance of a java Iterator. This implies that values can be accessed by simply calling the <code>next()</code> method once an object has been made available. Typically, a call to <code>hasNext()</code> should also be performed prior to avoid an exception being thrown.<br />
<br />
A Fuzzer can be obtained from the factory method <code>createFuzzer(String, int);</code> available for every instance of the fuzzing Database. Ergo:<br />
<br />
<pre><br />
Database myDatabase = new Database();<br />
<br />
Fuzzer myFuzzer = myDatabase.createFuzzer("FUZ-ZER-ID0", 5);<br />
</pre><br />
<br />
So how do I use the API? Here is a simple HelloFuzzer (file called HelloFuzzer.java) example:<br />
<br />
<pre><br />
import org.owasp.jbrofuzz.core.*;<br />
<br />
public class HelloFuzzer {<br />
<br />
public static void main(String[] args) {<br />
<br />
Database fuzzDB = new Database();<br />
<br />
try {<br />
for(Fuzzer f = fuzzDB.createFuzzer("NUM-HEX-LOW", 4); f.hasNext();) {<br />
// Get the next payload value...<br />
System.out.println(" The fuzzer payload is: " + f.next());<br />
}<br />
} catch (NoSuchFuzzerException e) {<br />
System.out.println("Could not find fuzzer " + e.getMessage());<br />
}<br />
<br />
}<br />
<br />
} // HelloFuzzer.java OWASP JBroFuzz Example 1<br />
</pre><br />
<br />
A command of: <code>javac -classpath JBroFuzz.jar HelloFuzzer.java</code> should compile the above program on command line. <br />
<br />
Within the JBroFuzz.jar file, there is a file called fuzzers.jbrofuzz that carries all the fuzzer definitions that you see in the UI payloads tab of JBroFuzz.<br />
<br />
Fuzzers belong in categories (1 to many) and each fuzzer carries a set of payloads that define the alphabet of the fuzzer.<br />
<br />
Also, you have replacive or recursive fuzzers, based on the OWASP testing guide v2. For example, the hexadecimal alphabet is fuzzer definition is:<br />
<br />
<pre><br />
R:NUM-HEX-LOW:Base16 (Hex) Lowercase:16<br />
> Number Systems | Base | Recursive Fuzzers | Lowercase Fuzzers<br />
0<br />
1<br />
2<br />
3<br />
4<br />
5<br />
6<br />
7<br />
8<br />
9<br />
a<br />
b<br />
c<br />
d<br />
e<br />
f<br />
</pre><br />
<br />
stealing from the file fuzzers.jbrofuzz.<br />
<br />
There is very little preventing you from defining your own fuzzers within this file, by following the file format specified above. You can use the UI to see if they have been loaded successfully. <br />
<br />
Further to recursive and replacive fuzzers you also have zero fuzzers (i.e. a zero fuzzer of 1000 will just transmit 1000 requests as they are, without adding any payloads) double fuzzers, cross product fuzzers, etc. <br />
<br />
Notice the factory method Database.createFuzzer("NUM-HEX", 4) yielding: "I want a 4 digit recursive fuzzer (why because NUM-HEX is recursive in its definition, starts with R: instead of P:) of HEX digits."<br />
<br />
Thus the above scenario would iterate through all the digits from 0000 to ffff. I wouldn't recommend using the above scenario for such trivial fuzzing capabilities; simply presented as an example of the inner workings of JBroFuzz.jar<br />
<br />
A more detailed code breakdown of the above HelloFuzzer example can be found below:<br />
<br />
<pre><br />
/**<br />
* JBroFuzz API Examples 01<br />
*<br />
* JBroFuzz - A stateless network protocol fuzzer for web applications.<br />
* <br />
* Copyright (C) 2007, 2008, 2009 subere@uncon.org<br />
*<br />
* This file is part of the JBroFuzz API examples on how to use the <br />
* fuzzer libraries included in JBroFuzz.jar.<br />
* <br />
* JBroFuzz is free software: you can redistribute it and/or modify<br />
* it under the terms of the GNU General Public License as published by<br />
* the Free Software Foundation, either version 3 of the License, or<br />
* (at your option) any later version.<br />
* <br />
* JBroFuzz is distributed in the hope that it will be useful,<br />
* but WITHOUT ANY WARRANTY; without even the implied warranty of<br />
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br />
* GNU General Public License for more details.<br />
* <br />
* You should have received a copy of the GNU General Public License<br />
* along with JBroFuzz. If not, see <http://www.gnu.org/licenses/>.<br />
* Alternatively, write to the Free Software Foundation, Inc., 51 <br />
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.<br />
* <br />
* Verbatim copying and distribution of this entire program file is <br />
* permitted in any medium without royalty provided this notice <br />
* is preserved. <br />
* <br />
*/<br />
<br />
import org.owasp.jbrofuzz.core.NoSuchFuzzerException;<br />
import org.owasp.jbrofuzz.core.Database;<br />
import org.owasp.jbrofuzz.core.Fuzzer; <br />
<br />
/**<br />
* <p>In JBroFuzz a Fuzzer is a java Iterator.</p><br />
* <br />
* <p>In order to create a Fuzzer, use the factory method<br />
* Database.createFuzzer(String, int), passing as arguments<br />
* the Fuzzer ID and the specified length as a positive int.</p><br />
* <br />
* <p>Be careful to check that the fuzzer ID (labelled as f_ID)<br />
* is actually an existing ID from the Database of Fuzzers.</p><br />
* <br />
* <p>Expected Output:</p><br />
* <code><br />
* The fuzzer payload is: 00000<br><br />
* The fuzzer payload is: 00001<br><br />
* ...<br><br />
* (a total of 16^5 = 1048576 lines)<br><br />
* ...<br><br />
* The fuzzer payload is: ffffd<br><br />
* The fuzzer payload is: ffffe<br><br />
* The fuzzer payload is: fffff<br><br />
* </code><br />
* <br />
* <p>For more information on the Database of Fuzzers, see the<br />
* HelloDatabase Class.</p><br />
* <br />
* @author subere@uncon.org<br />
* @version n/a<br />
*/<br />
public class HelloFuzzer {<br />
<br />
/**<br />
* @param args<br />
*/<br />
public static void main(String[] args) {<br />
<br />
// You have to construct an instance of the fuzzers database<br />
Database fuzzDB = new Database();<br />
// You have to supply a valid fuzzer ID<br />
String f_ID = "NUM-HEX-LOW";<br />
// You have to supply a (+)tive int<br />
int f_len = 5;<br />
<br />
try {<br />
<br />
for(Fuzzer f = fuzzDB.createFuzzer(f_ID, f_len); f.hasNext();) {<br />
<br />
// Get the next payload value...<br />
System.out.println(" The fuzzer payload is: " + f.next());<br />
<br />
}<br />
<br />
} catch (NoSuchFuzzerException e) {<br />
<br />
System.out.println("Could not find fuzzer " + e.getMessage());<br />
<br />
}<br />
<br />
}<br />
<br />
}<br />
</pre><br />
<br />
Also, the second example below focuses on accessing the Database of Fuzzers. In JBroFuzz, all Fuzzers are stored in a Database object that you will be required to construct in order to access them.<br />
<br />
<pre><br />
/**<br />
* JBroFuzz API Examples 02<br />
*<br />
* JBroFuzz - A stateless network protocol fuzzer for web applications.<br />
* <br />
* Copyright (C) 2007, 2008, 2009 subere@uncon.org<br />
*<br />
* This file is part of the JBroFuzz API examples on how to use the <br />
* fuzzer libraries included in JBroFuzz.jar.<br />
* <br />
* JBroFuzz is free software: you can redistribute it and/or modify<br />
* it under the terms of the GNU General Public License as published by<br />
* the Free Software Foundation, either version 3 of the License, or<br />
* (at your option) any later version.<br />
* <br />
* JBroFuzz is distributed in the hope that it will be useful,<br />
* but WITHOUT ANY WARRANTY; without even the implied warranty of<br />
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br />
* GNU General Public License for more details.<br />
* <br />
* You should have received a copy of the GNU General Public License<br />
* along with JBroFuzz. If not, see <http://www.gnu.org/licenses/>.<br />
* Alternatively, write to the Free Software Foundation, Inc., 51 <br />
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.<br />
* <br />
* Verbatim copying and distribution of this entire program file is <br />
* permitted in any medium without royalty provided this notice <br />
* is preserved. <br />
* <br />
*/<br />
<br />
import org.owasp.jbrofuzz.core.NoSuchFuzzerException;<br />
import org.owasp.jbrofuzz.core.Database;<br />
import org.owasp.jbrofuzz.core.Fuzzer; <br />
<br />
/**<br />
* <p>In JBroFuzz all Fuzzers are stored in a Database<br />
* object that you will be required to construct in order<br />
* to access them.</p><br />
* <br />
* <p>Within the Database, each Fuzzer is a collection of <br />
* payloads, which carries a unique ID string value.</p><br />
* <br />
* <p>Example ID values are the output of this program:</p><br />
* <code><br />
* The fuzzer ID is: LDP-INJ<br><br />
* The name of the fuzzer is: LDAP Injection<br><br />
* The id of the fuzzer is: LDP-INJ<br><br />
* The of payloads it carries (it's alphabet) is: 20<br><br />
* It has as 1st payload:<br><br />
* |<br><br />
* The fuzzer ID is: XSS-IE4-567<br><br />
* The name of the fuzzer is: XSS IE<br><br />
* The id of the fuzzer is: XSS-IE4-567<br><br />
* The of payloads it carries (it's alphabet) is: 38<br><br />
* It has as 1st payload:<br><br />
* < img src=`x` onrerror= ` ;; alert(1) ` /><br><br />
*<br />
* </code><br />
* <br />
* <p>Do not be confused between Prototypes and Fuzzers; <br />
* JBroFuzz uses Prototype objects to construct the Fuzzers<br />
* that get added into the Database upon initialisation.</p><br />
* <br />
* <p>As a result, the getter methods available within a Database<br />
* object can carry the name of getAllPrototypeIDs and <br />
* getAllFuzzerIDs interchangebly.</p><br />
* <br />
* @author subere@uncon.org<br />
* @version n/a<br />
*/<br />
public class HelloDatabase {<br />
<br />
/**<br />
* @param args<br />
*/<br />
public static void main(String[] args) {<br />
<br />
// You have to construct an instance of the fuzzers database<br />
Database fuzzDB = new Database();<br />
<br />
// Get a list of all the fuzzer IDs from the database<br />
String[] fuzzer_IDs = fuzzDB.getAllPrototypeIDs();<br />
<br />
System.out.println("The fuzzer IDs found are:");<br />
<br />
for(String fuzzerID : fuzzer_IDs) {<br />
<br />
System.out.println("The fuzzer ID is: " + fuzzerID);<br />
<br />
// We pass of length of 1, irrelevant if we are<br />
// just going to access the first payload<br />
// of the fuzzer<br />
Fuzzer fuzzer;<br />
try {<br />
<br />
fuzzer = fuzzDB.createFuzzer(fuzzerID, 1);<br />
// Normally you should check for fuzzer.hasNext() <br />
String payload = fuzzer.next();<br />
<br />
System.out.println("\tThe name of the fuzzer is:\t\t\t" + fuzzer.getName() );<br />
System.out.println("\tThe id of the fuzzer is:\t\t\t" + fuzzer.getId() );<br />
System.out.println("\tThe of payloads it carries (it's alphabet) is:\t" + fuzzDB.getSize(fuzzerID));<br />
System.out.println("\tIt has as 1st payload:\n\t\t" + payload );<br />
<br />
} catch (NoSuchFuzzerException e) {<br />
System.out.println("Could not find the specified fuzzer!");<br />
System.out.println("Going to print all the fuzzer IDs I know:");<br />
// old vs new for loop :)<br />
// in case of an error, print just the <br />
// fuzzer IDs, accessed from the DB<br />
for(int j = 0; j < fuzzer_IDs.length; j++) {<br />
System.out.println("The fuzzer ID is: " + fuzzer_IDs[j]);<br />
}<br />
<br />
}<br />
<br />
}<br />
<br />
}<br />
<br />
}<br />
</pre><br />
<br />
A final example of this section, involves seeing the usage of all the method calls available in the Fuzzer.java class<br />
<br />
<pre><br />
/**<br />
* JBroFuzz API Examples 03<br />
*<br />
* JBroFuzz - A stateless network protocol fuzzer for web applications.<br />
* <br />
* Copyright (C) 2007, 2008, 2009 subere@uncon.org<br />
*<br />
* This file is part of the JBroFuzz API examples on how to use the <br />
* fuzzer libraries included in JBroFuzz.jar.<br />
* <br />
* JBroFuzz is free software: you can redistribute it and/or modify<br />
* it under the terms of the GNU General Public License as published by<br />
* the Free Software Foundation, either version 3 of the License, or<br />
* (at your option) any later version.<br />
* <br />
* JBroFuzz is distributed in the hope that it will be useful,<br />
* but WITHOUT ANY WARRANTY; without even the implied warranty of<br />
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br />
* GNU General Public License for more details.<br />
* <br />
* You should have received a copy of the GNU General Public License<br />
* along with JBroFuzz. If not, see <http://www.gnu.org/licenses/>.<br />
* Alternatively, write to the Free Software Foundation, Inc., 51 <br />
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.<br />
* <br />
* Verbatim copying and distribution of this entire program file is <br />
* permitted in any medium without royalty provided this notice <br />
* is preserved. <br />
* <br />
*/<br />
<br />
import org.owasp.jbrofuzz.core.NoSuchFuzzerException;<br />
import org.owasp.jbrofuzz.core.Database;<br />
import org.owasp.jbrofuzz.core.Fuzzer; <br />
<br />
/**<br />
* <p>Example iterating through all the methods available<br />
* in the Fuzzer Object and their respective outputs.</p><br />
*<br />
* @author subere@uncon.org<br />
* @version n/a<br />
*/<br />
public class IndigoFuzzerTests {<br />
<br />
/**<br />
* @param args<br />
*/<br />
public static void main(String[] args) {<br />
<br />
// You have to construct an instance of the fuzzers database<br />
Database fuzzDB = new Database();<br />
// You have to supply a valid fuzzer ID<br />
String f_ID = "NUM-HEX-LOW";<br />
// You have to supply a (+)tive int<br />
int f_len = 5;<br />
<br />
try {<br />
<br />
Fuzzer f = fuzzDB.createFuzzer(f_ID, f_len);<br />
<br />
while(f.hasNext()) {<br />
<br />
// Could do this via reflection, but..<br />
f.next();<br />
// System.out.println(" The fuzzer payload is: " + f.next());<br />
System.out.println(" The maximum value is: " + f.getMaximumValue());<br />
<br />
System.out.println(" The current value is: " + f.getCurrectValue());<br />
<br />
<br />
<br />
}<br />
<br />
<br />
} catch (NoSuchFuzzerException e) {<br />
<br />
System.out.println("Could not find fuzzer " + e.getMessage());<br />
<br />
}<br />
<br />
}<br />
<br />
}<br />
</pre><br />
<br />
=== Performing User Enumeration with a Valid Set of Credentials ===<br />
<br />
Often you encounter an application that allows for the enumeration of one or more pages after a user has been successfully granted a set of session credentials. One of the key areas to test from an application specific perspective, relates to the page(s) that provide user account information.<br />
<br />
In the following example, we investigate an ASP.NET 2.0 application with a C# back-end. In this, an authenticated user has the option to select to "View My Profile". This page provides them with account information (including the typical username, email address, further notes) that they can proceed to update and save to the back-end system.<br />
<br />
After a user has authenticated, the following URL, gives them access to their profile information stored on the database:<br />
<br />
<pre><br />
http://www.myattackingdomain.com/portal-location/UserInfo.aspx?UserID=23<br />
</pre><br />
<br />
Simple investigation confirms that the digits allowed as part of the UserID value are decimal numbers only. Lets feed that information into JBroFuzz.<br />
<br />
• Within JBroFuzz, select: <br />
<br />
<code><br />
File -> Open Location [Ctrl+L]<br><br />
</code><br />
<br />
Type: http://www.myattackingdomain.com/portal-location/UserInfo.aspx?UserID=23 and hit enter. This is depicted in the following screenshot:<br />
<br />
[[Image:009-JBroFuzz-Tutorial.png|300px|JBroFuzz 'GET' Request with a 'UserID' parameter]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_JBroFuzz_FAQ&diff=73925OWASP JBroFuzz FAQ2009-11-21T15:02:03Z<p>Leocavallari: </p>
<hr />
<div>[[Category:OWASP JBroFuzz]]<br />
<br />
==JBroFuzz Frequently Asked Questions (FAQ)==<br />
<br />
===Q: What can I find within this section?===<br />
<br />
Frequently asked questions cover basic guidelines and pointers towards aspects of using JBroFuzz, it's purpose and underlying philosophy.<br />
<br />
More detailed information, can be found in the Help Topics section, under <code>Help -> Topics</code>.<br />
<br />
===Q: Fancy wording what does JBroFuzz actually do?===<br />
<br />
JBroFuzz has the ability to send intentionally malformed data to any web server, recording the responses.<br />
<br />
This yields testing certain aspects of the security of web servers, by crafting corresponding requests and reviewing the responses received.<br />
<br />
The term stateless simply implies that the different requests/replies being generated do not depend on previous ones made.<br />
<br />
===Q: What JBroFuzz is not claiming to be..===<br />
<br />
The automated answer to your problems regarding sending a bunch of AAA's to a listening web service.<br />
<br />
Unfortunately, you still have to know a bit about fuzzing web applications, HTTP and HTTPS, headers GET and POST statements, etc.<br />
<br />
==System Requirements==<br />
<br />
===Q: What operating systems has JBroFuzz been tested on?===<br />
<br />
JBroFuzz has been tested on the following operating systems: Mac OSX, Win32, RHEL 4, Centos 4.x, Backtrack 3.<br />
<br />
Also, you will need to have Java 1.6 or greater installed on your system. For more details, view the Java FAQ section, below.<br />
<br />
===Q: What permissions do I need to run JBroFuzz?===<br />
<br />
You will require write permissions within the directory that you execute JBroFuzz from.<br />
<br />
Each time you run JBroFuzz a directory structure for holding all the corresponding files generated while using the tool is created.<br />
<br />
==Java==<br />
<br />
===Q: How do I run the .jar file?===<br />
<br />
Say the file you want to run is named: JBroFuzz.jar<br />
<br />
From the command line type the following:<br />
<br />
<code><br />
>>java -jar JBroFuzz.jar<br />
</code><br />
<br />
You will need to have Java installed on your system. It's probably worth checking: http://www.java.sun.com<br />
<br />
===Q: Do I need a Java Runtime Environment (JRE)?===<br />
<br />
Yes. JBroFuzz will run on any platform for which a JRE is available.<br />
<br />
JREs for Windows, Linux and Solaris can be obtained for free from http://java.sun.com/j2se/downloads.html<br />
<br />
===Q: How much memory should I launch JBroFuzz with?===<br />
<br />
By default the JRE settings are typically limited to 64 Mb of memory. If JBroFuzz is to be used for memory intensive operations, it is advised to use 256 Mb of memory.<br />
<br />
Say the file you want to run with 256Mb of available memory is named: JBroFuzz.jar<br />
<br />
From the command line type the following:<br />
<br />
<code><br />
>>java -jar -Xmx256m JBroFuzz.jar<br />
</code><br />
<br />
You will need to have Java installed on your system. It's probably worth checking: http://www.java.sun.com<br />
<br />
===Q: What version of Java does JBroFuzz require to run?===<br />
<br />
JDK/JRE 1.6 or later.<br />
<br />
==Installation==<br />
<br />
===Q: What files is JBroFuzz released in?===<br />
<br />
There is a standalone executable (.exe), a standalone java archive (.jar) and an installer (.msi) for win32 platforms.<br />
<br />
* JBroFuzz.exe The standalone executable requiring no further installation, simply run the file.<br />
* JBroFuzz.jar The standalone, platform independent java archive requiring no further installation, simply run the file.<br />
* JBroFuzz.msi An installer available for win32 platforms.<br />
<br />
===Q: Do I need to install JBroFuzz?===<br />
<br />
No. JBroFuzz can be run as a standalone executable or java archive with all the functionality and features enabled.<br />
<br />
===Q: I run the exe or jar and the folder jbrofuzz does not get created, what's wrong?===<br />
<br />
For most browsers, if you select to run the exe / jar after it has finished downloading through the web browser, you will be limited to the security policy in place.<br />
<br />
Typically, this will not allow the application to create any files or folders within the downloaded location.<br />
<br />
Run the exe or jar file through the operating system, instead of the browser. Alternatively, download and install JBroFuzz using the msi installer.<br />
<br />
===Q: How can I download the latest copy of JBroFuzz?===<br />
<br />
JBroFuzz is an OWASP Project. It is free to download and open source.<br />
<br />
To make sure you are running the latest version select "Check for Updates..." from the Options menu, within the application.<br />
<br />
==Files & Directories==<br />
<br />
===Q: What files and directories get created when I launch JBroFuzz?===<br />
<br />
At launch JBroFuzz creates the following folders within the directory in which it is.<br />
<br />
<code><br />
jbrofuzz | fuzz | 001 2009-01-01 10-10-50<br />
</code><br />
<br />
The final directory (a timestamp) is where all file fuzzing data is stored in individual files.<br />
<br />
==Fuzzers & Payloads==<br />
<br />
===Q: What is a Fuzzer?===<br />
<br />
A fuzzer is a collection of payloads. A fuzzer contains a particular character set which will be tested against the specified range of the request.<br />
<br />
Some examples of fuzzers:<br />
<br />
* Sending all requests of : 0000 to 1111 (binary prototype over 4 characters)<br />
* Sending all requests of : 00 to 99 (decimal prototype over 2 characters).<br />
<br />
To get a better understanding of how fuzzers work, view the tutorial demo that is available for download.<br />
<br />
===Q: Where are all the fuzzer definitions stored?===<br />
<br />
All fuzzer definitions are loaded from the file fuzzers.jbrofuzz<br />
<br />
This is an internal file within JBroFuzz and can be found inside the JBroFuzz.jar java archive.<br />
<br />
===Q: How do I learn more about fuzzing?===<br />
<br />
An attempt to define the term can be found on the spike mailing list:<br />
<br />
http://marc2.theaimsgroup.com/?l=spike&m=105606327823227&w=2<br />
<br />
http://www.scadasec.net/secwiki/FuzzingTools<br />
<br />
==Older Features/Versions==<br />
<br />
===Q: Where is the "Web Directories" tab?===<br />
<br />
The "Web Directories" tab was removed in version 1.2.<br />
<br />
The original list of directories (directories.jbrofuzz) that was being used in JBroFuzz can still be found in distributions of [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster].<br />
<br />
As [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster] is a dedicated tool focusing on directory enumeration, it is suggested you use that tool.</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_JBroFuzz_FAQ&diff=73924OWASP JBroFuzz FAQ2009-11-21T15:01:45Z<p>Leocavallari: </p>
<hr />
<div>[Category:OWASP_JBroFuzz]<br />
<br />
==JBroFuzz Frequently Asked Questions (FAQ)==<br />
<br />
===Q: What can I find within this section?===<br />
<br />
Frequently asked questions cover basic guidelines and pointers towards aspects of using JBroFuzz, it's purpose and underlying philosophy.<br />
<br />
More detailed information, can be found in the Help Topics section, under <code>Help -> Topics</code>.<br />
<br />
===Q: Fancy wording what does JBroFuzz actually do?===<br />
<br />
JBroFuzz has the ability to send intentionally malformed data to any web server, recording the responses.<br />
<br />
This yields testing certain aspects of the security of web servers, by crafting corresponding requests and reviewing the responses received.<br />
<br />
The term stateless simply implies that the different requests/replies being generated do not depend on previous ones made.<br />
<br />
===Q: What JBroFuzz is not claiming to be..===<br />
<br />
The automated answer to your problems regarding sending a bunch of AAA's to a listening web service.<br />
<br />
Unfortunately, you still have to know a bit about fuzzing web applications, HTTP and HTTPS, headers GET and POST statements, etc.<br />
<br />
==System Requirements==<br />
<br />
===Q: What operating systems has JBroFuzz been tested on?===<br />
<br />
JBroFuzz has been tested on the following operating systems: Mac OSX, Win32, RHEL 4, Centos 4.x, Backtrack 3.<br />
<br />
Also, you will need to have Java 1.6 or greater installed on your system. For more details, view the Java FAQ section, below.<br />
<br />
===Q: What permissions do I need to run JBroFuzz?===<br />
<br />
You will require write permissions within the directory that you execute JBroFuzz from.<br />
<br />
Each time you run JBroFuzz a directory structure for holding all the corresponding files generated while using the tool is created.<br />
<br />
==Java==<br />
<br />
===Q: How do I run the .jar file?===<br />
<br />
Say the file you want to run is named: JBroFuzz.jar<br />
<br />
From the command line type the following:<br />
<br />
<code><br />
>>java -jar JBroFuzz.jar<br />
</code><br />
<br />
You will need to have Java installed on your system. It's probably worth checking: http://www.java.sun.com<br />
<br />
===Q: Do I need a Java Runtime Environment (JRE)?===<br />
<br />
Yes. JBroFuzz will run on any platform for which a JRE is available.<br />
<br />
JREs for Windows, Linux and Solaris can be obtained for free from http://java.sun.com/j2se/downloads.html<br />
<br />
===Q: How much memory should I launch JBroFuzz with?===<br />
<br />
By default the JRE settings are typically limited to 64 Mb of memory. If JBroFuzz is to be used for memory intensive operations, it is advised to use 256 Mb of memory.<br />
<br />
Say the file you want to run with 256Mb of available memory is named: JBroFuzz.jar<br />
<br />
From the command line type the following:<br />
<br />
<code><br />
>>java -jar -Xmx256m JBroFuzz.jar<br />
</code><br />
<br />
You will need to have Java installed on your system. It's probably worth checking: http://www.java.sun.com<br />
<br />
===Q: What version of Java does JBroFuzz require to run?===<br />
<br />
JDK/JRE 1.6 or later.<br />
<br />
==Installation==<br />
<br />
===Q: What files is JBroFuzz released in?===<br />
<br />
There is a standalone executable (.exe), a standalone java archive (.jar) and an installer (.msi) for win32 platforms.<br />
<br />
* JBroFuzz.exe The standalone executable requiring no further installation, simply run the file.<br />
* JBroFuzz.jar The standalone, platform independent java archive requiring no further installation, simply run the file.<br />
* JBroFuzz.msi An installer available for win32 platforms.<br />
<br />
===Q: Do I need to install JBroFuzz?===<br />
<br />
No. JBroFuzz can be run as a standalone executable or java archive with all the functionality and features enabled.<br />
<br />
===Q: I run the exe or jar and the folder jbrofuzz does not get created, what's wrong?===<br />
<br />
For most browsers, if you select to run the exe / jar after it has finished downloading through the web browser, you will be limited to the security policy in place.<br />
<br />
Typically, this will not allow the application to create any files or folders within the downloaded location.<br />
<br />
Run the exe or jar file through the operating system, instead of the browser. Alternatively, download and install JBroFuzz using the msi installer.<br />
<br />
===Q: How can I download the latest copy of JBroFuzz?===<br />
<br />
JBroFuzz is an OWASP Project. It is free to download and open source.<br />
<br />
To make sure you are running the latest version select "Check for Updates..." from the Options menu, within the application.<br />
<br />
==Files & Directories==<br />
<br />
===Q: What files and directories get created when I launch JBroFuzz?===<br />
<br />
At launch JBroFuzz creates the following folders within the directory in which it is.<br />
<br />
<code><br />
jbrofuzz | fuzz | 001 2009-01-01 10-10-50<br />
</code><br />
<br />
The final directory (a timestamp) is where all file fuzzing data is stored in individual files.<br />
<br />
==Fuzzers & Payloads==<br />
<br />
===Q: What is a Fuzzer?===<br />
<br />
A fuzzer is a collection of payloads. A fuzzer contains a particular character set which will be tested against the specified range of the request.<br />
<br />
Some examples of fuzzers:<br />
<br />
* Sending all requests of : 0000 to 1111 (binary prototype over 4 characters)<br />
* Sending all requests of : 00 to 99 (decimal prototype over 2 characters).<br />
<br />
To get a better understanding of how fuzzers work, view the tutorial demo that is available for download.<br />
<br />
===Q: Where are all the fuzzer definitions stored?===<br />
<br />
All fuzzer definitions are loaded from the file fuzzers.jbrofuzz<br />
<br />
This is an internal file within JBroFuzz and can be found inside the JBroFuzz.jar java archive.<br />
<br />
===Q: How do I learn more about fuzzing?===<br />
<br />
An attempt to define the term can be found on the spike mailing list:<br />
<br />
http://marc2.theaimsgroup.com/?l=spike&m=105606327823227&w=2<br />
<br />
http://www.scadasec.net/secwiki/FuzzingTools<br />
<br />
==Older Features/Versions==<br />
<br />
===Q: Where is the "Web Directories" tab?===<br />
<br />
The "Web Directories" tab was removed in version 1.2.<br />
<br />
The original list of directories (directories.jbrofuzz) that was being used in JBroFuzz can still be found in distributions of [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster].<br />
<br />
As [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster] is a dedicated tool focusing on directory enumeration, it is suggested you use that tool.</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment&diff=73923Category:OWASP JBroFuzz Project - Version 1.7 Release - Assessment2009-11-21T14:58:59Z<p>Leocavallari: /* Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 */</p>
<hr />
<div><small>[[:Category:OWASP JBroFuzz|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[mailto:yiannis@owasp.org Subere]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= Yes; there a lot of information regarding how to use JBroFuzz, an FAQ section a Help section as well as an online tutorial that still needs a lot of work!<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= GNU GPL v3<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= For the source code: http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/<br />
<br />
| 4. Is there working code? <br />
= Yes; currently in its 179 revision, according to the subversion repository.<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= Yes; most of the roadmap has now being delivered with the continuous addition of enhancements (e.g. the encoder window)<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= I believe so, yes.<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= Both an installer and a stand-alone executable as well as a jar standalone executable.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= An FAQ section and a Help section, as well as an ongoing tutorial guide that can be found: http://www.owasp.org/index.php/OWASP_JBroFuzz_Tutorial<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= Yes, the about box carries version information, production alias email, the license as well as a disclaimer.<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= Yes; using apache ant and running '>ant' after the source code has been downloading. This is also documented on the website.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= Yes; the faq and help sections are stored in the same repository as the source code. The java-doc is derived from the source code. The fuzzing payloads are stored within the repository.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= I would say, yes.<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= Yes; under Help -> FAQ and Help -> Topics<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= Yes; using apache ant and a standard build.xml file<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= Yes.<br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= Yes; for example running the tool from command line with more memory; running the jar file in order to pass a SOCKS5 proxy configuration, etc.<br />
<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Mtesauro|Matt Tesauro]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= (answer #2)<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= (answer #3) <br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= (answer #4)<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= (answer #5)<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari Militelli]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = Yes, in a form of Java executable jar file and a MSI Installable package for Windows.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= Yes. I recommend to link the tutorial to the main link section on Project Details and tag the tutorial and other wiki pages to the JbroFuzz category. The videos linked on Main links sections are outdated and does not present the current version. Also, the tutorial and documentation have gaps to be improved.<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= Yes<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= No. The documentation regarding the source code was not found in the wiki, tool repository (sourceforge), or within the downloadable files. It assumes that the user already know what's a fuzzer and how to use it.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= No. The documentation is only available into the Wiki and doesn't explain how to build from source code. <br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= No.<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= Yes.<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= Yes.<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= Yes.<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= <br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= Yes, at Sourceforge<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= No.<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= Yes, since it helps on fuzzing <br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment&diff=73922Category:OWASP JBroFuzz Project - Version 1.7 Release - Assessment2009-11-21T14:02:39Z<p>Leocavallari: </p>
<hr />
<div><small>[[:Category:OWASP JBroFuzz|Click here to return to project's main page]]</small><br><br />
<br />
== Stable Release Review of the OWASP JBroFuzz Project - Release 1.7 ==<br />
<br />
==== Project Leader for this Release ====<br />
'''''[mailto:yiannis@owasp.org Subere]'s Pre-Assessment Checklist:'''''<br />
<br />
{{ Pre-Assessment Questions - Tools<br />
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?<br />
= Yes; there a lot of information regarding how to use JBroFuzz, an FAQ section a Help section as well as an online tutorial that still needs a lot of work!<br />
<br />
| 2. Is your tool licensed under an open source license? <br />
= GNU GPL v3<br />
<br />
| 3. Is the source code and any documentation available in an online project repository? <br />
= For the source code: http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/<br />
<br />
| 4. Is there working code? <br />
= Yes; currently in its 179 revision, according to the subversion repository.<br />
<br />
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release? <br />
= Yes; most of the roadmap has now being delivered with the continuous addition of enhancements (e.g. the encoder window)<br />
<br />
| 6. Are the Alpha pre-assessment items complete?<br />
= I believe so, yes.<br />
<br />
| 7. Is there an installer or stand-alone executable? <br />
= Both an installer and a stand-alone executable as well as a jar standalone executable.<br />
<br />
| 8. Is there user documentation on the OWASP project wiki page? <br />
= An FAQ section and a Help section, as well as an ongoing tutorial guide that can be found: http://www.owasp.org/index.php/OWASP_JBroFuzz_Tutorial<br />
<br />
| 9. Is there an "About box" or similar help item which lists the following? <br />
= Yes, the about box carries version information, production alias email, the license as well as a disclaimer.<br />
<br />
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? <br />
= Yes; using apache ant and running '>ant' after the source code has been downloading. This is also documented on the website.<br />
<br />
| 11. Is the tool documentation stored in the same repository as the source code?<br />
= Yes; the faq and help sections are stored in the same repository as the source code. The java-doc is derived from the source code. The fuzzing payloads are stored within the repository.<br />
<br />
| 12. Are the Alpha and Beta pre-assessment items complete? <br />
= I would say, yes.<br />
<br />
| 13. Does the tool include documentation built into the tool? <br />
= Yes; under Help -> FAQ and Help -> Topics<br />
<br />
| 14. Does the tool include build scripts to automate builds? <br />
= Yes; using apache ant and a standard build.xml file<br />
<br />
| 15. Is there a publicly accessible bug tracking system? <br />
= Yes.<br />
<br />
| 16. Have any existing limitations of the tool been documented? <br />
= Yes; for example running the tool from command line with more memory; running the jar file in order to pass a SOCKS5 proxy configuration, etc.<br />
<br />
}}<br />
<br />
==== First Reviewer ====<br />
'''''[[User:Mtesauro|Matt Tesauro]]'s Review:'''''<br /><br />
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Delete this text and place your answer here. The same for the questions below.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= (answer #2)<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= (answer #3) <br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= (answer #4)<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= (answer #5)<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
==== Second Reviewer ====<br />
'''''[[User:Leocavallari|Leonardo Cavallari Militelli]]'s Review:'''''<br /><br />
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small><br />
<br />
{{ Assessment Questions - Tools<br />
<br />
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer? = (answer #1) Yes, in a form of Java executable jar file and a MSI Installable package for Windows.<br />
<br />
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?<br />
= (answer #2) No, only available through application Help menu .<br />
<br />
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?<br />
= (answer #3) Yes<br />
<br />
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?<br />
= (answer #4) The documentation regarding the source code was not found in the wiki, tool repository (sourceforge), or on the downloadable files.<br />
<br />
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?<br />
= (answer #5) No.<br />
<br />
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?<br />
= (answer #6)<br />
<br />
| 7. Does the tool substantially address the application security issues it was created to solve?<br />
= (answer #7)<br />
<br />
| 8. Is the tool reasonably easy to use?<br />
= (answer #8)<br />
<br />
| 9. Does the documentation meet the needs of the tool users and is easily found?<br />
= (answer #9)<br />
<br />
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.<br />
= (answer #10)<br />
<br />
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)<br />
= (answer #11)<br />
<br />
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.<br />
= (answer #12)<br />
<br />
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?<br />
= (answer #13)<br />
<br />
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?<br />
= (answer #14)<br />
<br />
}}<br />
<br />
__NOTOC__<br />
<headertabs/></div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71395OWASP Project Details Table 32009-10-12T18:33:42Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''Project Home page'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 3}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 3}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 3}} <br />
<br />
<br />
|}<br />
<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=GPC_Project_Details/OWASP_JBroFuzz&diff=71394GPC Project Details/OWASP JBroFuzz2009-10-12T18:31:29Z<p>Leocavallari: </p>
<hr />
<div>[[Category:OWASP Project|JBroFuzz Project]]<br />
[[Category:OWASP Tool]]<br />
[[Category:OWASP Download]]<br />
[[Category:OWASP Alpha Quality Tool]]<br />
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude><br />
| project_name = JBroFuzz <br />
| project_description = '''JBroFuzz''' is a stateless web application fuzzer for requests being made over [http://en.wikipedia.org/wiki/HTTP HTTP] and/or [http://en.wikipedia.org/wiki/Https HTTPS]. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. As a tool, it emerged from the needs of penetration testing. <br />
| project_license = [http://www.gnu.org/licenses/gpl-3.0-standalone.html GNU General Public License v3]<br />
| leader_name = Subere<br />
| leader_email = subere@uncon.org <br />
| leader_username = Yiannis<br />
| past_leaders_special_contributions = TBD<br />
| maintainer_name = <br />
| maintainer_email = <br />
| maintainer_username = <br />
| contributor_name1 = <br />
| contributor_email1 = <br />
| contributor_username1 = <br />
| contributor_name2 = <br />
| contributor_email2 = <br />
| contributor_username2 = <br />
| contributor_name3 = <br />
| contributor_email3 = <br />
| contributor_username3 = <br />
| contributor_name4 = <br />
| contributor_email4 = <br />
| contributor_username4 = <br />
| contributor_name5 = <br />
| contributor_email5 = <br />
| contributor_username5 = <br />
| contributor_name6 = <br />
| contributor_email6 = <br />
| contributor_username6 = <br />
| contributor_name7 = <br />
| contributor_email7 = <br />
| contributor_username7 = <br />
| contributor_name8 = <br />
| contributor_email8 = <br />
| contributor_username8 = <br />
| contributor_name9 = <br />
| contributor_email9 = <br />
| contributor_username9 = <br />
| contributor_name10 = <br />
| contributor_email10 = <br />
| contributor_username10 = <br />
| pamphlet_link = <br />
| presentation_link =<br />
| mailing_list_name = owasp-jbrofuzz<br />
| links_url1 = http://www.sourceforge.net/projects/jbrofuzz JBroFuzz's <br />
| links_name1 = Sourceforge Repository<br />
| links_url2 = http://video.google.co.uk/videoplay?docid=6388655108193715653&q=jbrofuzz <br />
| links_name2 = Video Tutorial - medium quality (to watch)<br />
| links_url3 = http://sourceforge.net/project/showfiles.php?group_id=180679&package_id=209088&release_id=461300 Video Tutorial<br />
| links_name3 = Video Tutorial - high quality (to download); <br />
| links_url4 = http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/ <br />
| links_name4 = Java Documenation, the source code and the latest build<br />
| links_url5 = http://java.sun.com/ <br />
| links_name5 = To run the JBroFuzz's application you need Java 1.6 Runtime Environment<br />
| links_url6 = <br />
| links_name6 = <br />
| links_url7 = <br />
| links_name7 = <br />
| links_url8 = <br />
| links_name8 = <br />
| links_url9 = <br />
| links_name9 = <br />
| links_url10 = <br />
| links_name10 = <br />
| project_road_map = :Category:OWASP JBroFuzz Project - Roadmap<br />
| project_health_status = <br />
| current_release_name = JBroFuzz 1.7 <br />
| current_release_date = October 2009<br />
| current_release_download_link = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| current_release_rating = -1<br />
| current_release_leader_name = Subere<br />
| current_release_leader_email = subere@uncon.org<br />
| current_release_leader_username = Yiannis<br />
| current_release_details = :Category:OWASP JBroFuzz Project - Release 1.6 <br />
| last_reviewed_release_name = JBroFuzz 1.0/OWASP SpoC 07 Release<br />
| last_reviewed_release_date = July 2007<br />
| last_reviewed_release_download_link = http://sourceforge.net/forum/forum.php?forum_id=842897<br />
| last_reviewed_release_rating = 1<br />
| last_reviewed_release_leader_name = Subere<br />
| last_reviewed_release_leader_email = <br />
| last_reviewed_release_leader_username = Yiannis<br />
| last_reviewed_release_details = [http://www.owasp.org/index.php/SpoC_007_-_OWASP_JBroFuzz_Project Main links, release roadmap and assessment]<br />
| old_release_name1 = JBroFuzz 1.5<br />
| old_release_date1 = July 2009<br />
| old_release_download_link1 = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| old_release_name2 = JBroFuzz 1.4<br />
| old_release_date2 = June 2009<br />
| old_release_download_link2 = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| old_release_name3 = JBroFuzz 1.2<br />
| old_release_date3 = January 2009<br />
| old_release_download_link3 = http://sourceforge.net/forum/forum.php?forum_id=910952<br />
| old_release_name4 = JBroFuzz 1.1<br />
| old_release_date4 = September 2008<br />
| old_release_download_link4 = http://sourceforge.net/forum/forum.php?forum_id=869579<br />
| old_release_name5 = <br />
| old_release_date5 = <br />
| old_release_download_link5 = <br />
| last_GPC_update = 30/09/2009 <br />
| GPC_Notes = Being assessed <br />
| project_home_page=Category:OWASP_JBroFuzz <br />
| project_details_wiki_page=GPC_Project_Details/OWASP_JBroFuzz<br />
}}</div>Leocavallarihttps://wiki.owasp.org/index.php?title=GPC_Project_Details/OWASP_JBroFuzz&diff=71393GPC Project Details/OWASP JBroFuzz2009-10-12T18:30:05Z<p>Leocavallari: minor typo</p>
<hr />
<div>[[Category:OWASP Project|JBroFuzz Project]]<br />
[[Category:OWASP Tool]]<br />
[[Category:OWASP Download]]<br />
[[Category:OWASP Alpha Quality Tool]]<br />
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude><br />
| project_name = JBroFuzz <br />
| project_description = '''JBroFuzz''' is a stateless web application fuzzer for requests being made over [http://en.wikipedia.org/wiki/HTTP HTTP] and/or [http://en.wikipedia.org/wiki/Https HTTPS]. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. As a tool, it emerged from the needs of penetration testing. <br />
| project_license = [http://www.gnu.org/licenses/gpl-3.0-standalone.html GNU General Public License v3]<br />
| leader_name = Subere<br />
| leader_email = subere@uncon.org <br />
| leader_username = Yiannis<br />
| past_leaders_special_contributions = TBD<br />
| maintainer_name = <br />
| maintainer_email = <br />
| maintainer_username = <br />
| contributor_name1 = <br />
| contributor_email1 = <br />
| contributor_username1 = <br />
| contributor_name2 = <br />
| contributor_email2 = <br />
| contributor_username2 = <br />
| contributor_name3 = <br />
| contributor_email3 = <br />
| contributor_username3 = <br />
| contributor_name4 = <br />
| contributor_email4 = <br />
| contributor_username4 = <br />
| contributor_name5 = <br />
| contributor_email5 = <br />
| contributor_username5 = <br />
| contributor_name6 = <br />
| contributor_email6 = <br />
| contributor_username6 = <br />
| contributor_name7 = <br />
| contributor_email7 = <br />
| contributor_username7 = <br />
| contributor_name8 = <br />
| contributor_email8 = <br />
| contributor_username8 = <br />
| contributor_name9 = <br />
| contributor_email9 = <br />
| contributor_username9 = <br />
| contributor_name10 = <br />
| contributor_email10 = <br />
| contributor_username10 = <br />
| pamphlet_link = <br />
| presentation_link =<br />
| mailing_list_name = owasp-jbrofuzz<br />
| links_url1 = http://www.sourceforge.net/projects/jbrofuzz JBroFuzz's <br />
| links_name1 = Sourceforge Repository<br />
| links_url2 = http://video.google.co.uk/videoplay?docid=6388655108193715653&q=jbrofuzz <br />
| links_name2 = Video Tutorial - medium quality (to watch)<br />
| links_url3 = http://sourceforge.net/project/showfiles.php?group_id=180679&package_id=209088&release_id=461300 Video Tutorial<br />
| links_name3 = Video Tutorial - high quality (to download); <br />
| links_url4 = http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/ <br />
| links_name4 = Java Documenation, the source code and the latest build<br />
| links_url5 = http://java.sun.com/ <br />
| links_name5 = To run the JBroFuzz's application you need Java 1.6 Runtime Environment<br />
| links_url6 = <br />
| links_name6 = <br />
| links_url7 = <br />
| links_name7 = <br />
| links_url8 = <br />
| links_name8 = <br />
| links_url9 = <br />
| links_name9 = <br />
| links_url10 = <br />
| links_name10 = <br />
| project_road_map = :Category:OWASP JBroFuzz Project - Roadmap<br />
| project_health_status = <br />
| current_release_name = JBroFuzz 1.7 <br />
| current_release_date = October 2009<br />
| current_release_download_link = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| current_release_rating = -1<br />
| current_release_leader_name = Subere<br />
| current_release_leader_email = subere@uncon.org<br />
| current_release_leader_username = Yiannis<br />
| current_release_details = :Category:OWASP JBroFuzz Project - Release 1.6 <br />
| last_reviewed_release_name = JBroFuzz 1.0/OWASP SpoC 07 Release<br />
| last_reviewed_release_date = July 2007<br />
| last_reviewed_release_download_link = http://sourceforge.net/forum/forum.php?forum_id=842897<br />
| last_reviewed_release_rating = 1<br />
| last_reviewed_release_leader_name = Subere<br />
| last_reviewed_release_leader_email = <br />
| last_reviewed_release_leader_username = Yiannis<br />
| last_reviewed_release_details = [http://www.owasp.org/index.php/SpoC_007_-_OWASP_JBroFuzz_Project Main links, release roadmap and assessment]<br />
| old_release_name1 = JBroFuzz 1.5<br />
| old_release_date1 = July 2009<br />
| old_release_download_link1 = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| old_release_name2 = JBroFuzz 1.4<br />
| old_release_date2 = June 2009<br />
| old_release_download_link2 = http://sourceforge.net/project/platformdownload.php?group_id=180679<br />
| old_release_name3 = JBroFuzz 1.2<br />
| old_release_date3 = January 2009<br />
| old_release_download_link3 = http://sourceforge.net/forum/forum.php?forum_id=910952<br />
| old_release_name4 = JBroFuzz 1.1<br />
| old_release_date4 = September 2008<br />
| old_release_download_link4 = http://sourceforge.net/forum/forum.php?forum_id=869579<br />
| old_release_name5 = <br />
| old_release_date5 = <br />
| old_release_download_link5 = <br />
| last_GPC_update = 30/09/2009 <br />
| GPC_Notes = Being assessed <br />
| project_home_page=Category:OWASP_JBroFuzz <br />
| project_details_wiki_page=GPC_Project_Details/OWASP_JBroFuzz</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71392OWASP Project Details Table 32009-10-12T18:26:59Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''Project Home page'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}}<br />
<br />
|}<br />
<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71388OWASP Project Details Table 32009-10-12T18:18:13Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
| align="center" bgcolor="#DDDDDD" | '''2'''<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71386OWASP Project Details Table 32009-10-12T18:15:45Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
| align="center" bgcolor="#DDDDDD" | '''2'''}<br />
<br />
<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71382OWASP Project Details Table 32009-10-12T17:20:33Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''}<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71381OWASP Project Details Table 32009-10-12T17:17:18Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Template:OWASP_Project_Details_Row_3&diff=71380Template:OWASP Project Details Row 32009-10-12T17:15:48Z<p>Leocavallari: </p>
<hr />
<div>|-<br />
| [[:{{{project_home_page}}}| {{{project_name}}}]]<br />
| {{{leader_name}}} - {{{leader_username}}}<br />
| {{#if: {{{mailing_list_name |}}} | {{{mailing_list_name}}} | NA }} <br />
| {{#if: {{{leader_name |}}} | {{{leader_name}}} | NA }}<br />
| {{#if: {{{leader_email |}}} | {{{leader_email}}} | NA }}<br />
| {{#if: {{{leader_username |}}} | {{{leader_username}}} | NA }} <br />
| {{#if: {{{maintainer_name |}}} | {{{maintainer_name}}} | NA }}<br />
| {{#if: {{{maintainer_email |}}} | {{{maintainer_email}}} | NA }} <br />
| {{#if: {{{maintainer_username |}}} | {{{maintainer_username}}} | NA }} <br />
| {{#if: {{{pamphlet_link |}}} | {{{pamphlet_link}}} | NA }} <br />
| {{#if: {{{presentation_link |}}} | {{{presentation_link}}} | NA }} <br />
| {{#if: {{{mailing_list_name |}}} | {{{mailing_list_name}}} | NA }} <br />
| {{#if: {{{links_url1 |}}} | {{{links_url1}}} | NA }} <br />
| {{#if: {{{links_name1 |}}} | {{{links_name1}}} | NA }} <br />
| {{#if: {{{project_road_map |}}} | {{{project_road_map}}} | NA }} <br />
| {{#if: {{{project_health_status |}}} | {{{project_health_status}}} | NA }} <br />
| {{#if: {{{current_release_name |}}} | {{{current_release_name}}} | NA }} <br />
| {{#if: {{{current_release_date |}}} | {{{current_release_date}}} | NA }} <br />
| {{#if: {{{current_release_download_link |}}} | {{{current_release_download_link}}} | NA }} <br />
| {{#if: {{{current_release_rating |}}} | {{{current_release_rating}}} | NA }} <br />
| {{#if: {{{current_release_leader_name |}}} | {{{current_release_leader_name}}} | NA }} <br />
| {{#if: {{{current_release_leader_email |}}} | {{{current_release_leader_email}}} | NA }} <br />
| {{#if: {{{current_release_leader_username |}}} | {{{current_release_leader_username}}} | NA }}<br />
| {{#if: {{{current_release_details |}}} | {{{current_release_details}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_name |}}} | {{{last_reviewed_release_name}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_date |}}} | {{{last_reviewed_release_date}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_download_link |}}} | {{{last_reviewed_release_download_link}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_rating |}}} | {{{last_reviewed_release_rating}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_name |}}} | {{{last_reviewed_release_leader name}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_email |}}} | {{{last_reviewed_release_leader_email}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_username |}}} | {{{last_reviewed_release_leader_username}}} | NA }} <br />
| {{#if: {{{last_GPC_update |}}} | {{{last_GPC_update}}} | NA }}<br />
| {{#if: {{{GPC_Notes |}}} | {{{GPC_Notes}}} | NA }} Empty template<br />
| {{#if: {{{project_home_page |}}} | {{{project_home_page}}} | NA }} <br />
| {{#if: {{{project_details_wiki_page |}}} | {{{project_details_wiki_page}}} | NA }}<br />
}}</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71379OWASP Project Details Table 32009-10-12T17:13:52Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name'''<br />
| align="center" bgcolor="#DDDDDD" | '''project description'''<br />
| align="center" bgcolor="#DDDDDD" | '''project license'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader name'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader email'''<br />
| align="center" bgcolor="#DDDDDD" | '''leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''past leaders special contributions''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer name'''<br />
| align="center" bgcolor="#DDDDDD" | '''maintainer email''' <br />
| align="center" bgcolor="#DDDDDD" | '''maintainer username''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet link''' <br />
| align="center" bgcolor="#DDDDDD" | '''presentation link''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''links url1''' <br />
| align="center" bgcolor="#DDDDDD" | '''links name1''' <br />
| align="center" bgcolor="#DDDDDD" | '''project road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''project health status''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''current release leader username'''<br />
| align="center" bgcolor="#DDDDDD" | '''current release details''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release date''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release download link''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release rating''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader name''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader email''' <br />
| align="center" bgcolor="#DDDDDD" | '''last reviewed release leader username''' <br />
| align="center" bgcolor="#DDDDDD" | '''last GPC update'''<br />
| align="center" bgcolor="#DDDDDD" | '''GPC Notes'''<br />
| align="center" bgcolor="#DDDDDD" | '''project details wiki page'''<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=Template:OWASP_Project_Details_Row_3&diff=71378Template:OWASP Project Details Row 32009-10-12T17:00:31Z<p>Leocavallari: Created page with '|- | {{{project_name}}} | {{{leader_name}}} - {{{leader_username}}} | {{#if: {{{mailing_list_name |}}} | {{{mailing_list_name}}} | NA }} | {{#if: …'</p>
<hr />
<div>|-<br />
| [[:{{{project_home_page}}}| {{{project_name}}}]]<br />
| {{{leader_name}}} - {{{leader_username}}}<br />
| {{#if: {{{mailing_list_name |}}} | {{{mailing_list_name}}} | NA }} <br />
| {{#if: {{{leader_name |}}} | {{{leader_name}}} | NA }}<br />
| {{#if: {{{leader_email |}}} | {{{leader_email}}} | NA }}<br />
| {{#if: {{{leader_username |}}} | {{{leader_username}}} | NA }} <br />
| {{#if: {{{maintainer_name |}}} | {{{maintainer_name}}} | NA }}<br />
| {{#if: {{{maintainer_email |}}} | {{{maintainer_email}}} | NA }} <br />
| {{#if: {{{maintainer_username |}}} | {{{maintainer_username}}} | NA }} <br />
| {{#if: {{{pamphlet_link |}}} | {{{pamphlet_link}}} | NA }} <br />
| {{#if: {{{presentation_link |}}} | {{{presentation_link}}} | NA }} <br />
| {{#if: {{{links_url1 |}}} | {{{links_url1}}} | NA }} <br />
| {{#if: {{{links_name1 |}}} | {{{links_name1}}} | NA }} <br />
| {{#if: {{{project_road_map |}}} | {{{project_road_map}}} | NA }} <br />
| {{#if: {{{project_health_status |}}} | {{{project_health_status}}} | NA }} <br />
| {{#if: {{{current_release_name |}}} | {{{current_release_name}}} | NA }} <br />
| {{#if: {{{current_release_date |}}} | {{{current_release_date}}} | NA }} <br />
| {{#if: {{{current_release_download_link |}}} | {{{current_release_download_link}}} | NA }} <br />
| {{#if: {{{current_release_rating |}}} | {{{current_release_rating}}} | NA }} <br />
| {{#if: {{{current_release_leader_name |}}} | {{{current_release_leader_name}}} | NA }} <br />
| {{#if: {{{current_release_leader_email |}}} | {{{current_release_leader_email}}} | NA }} <br />
| {{#if: {{{current_release_leader_username |}}} | {{{current_release_leader_username}}} | NA }}<br />
| {{#if: {{{current_release_details |}}} | {{{current_release_details}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_name |}}} | {{{last_reviewed_release_name}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_date |}}} | {{{last_reviewed_release_date}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_download_link |}}} | {{{last_reviewed_release_download_link}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_rating |}}} | {{{last_reviewed_release_rating}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_name |}}} | {{{last_reviewed_release_leader name}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_email |}}} | {{{last_reviewed_release_leader_email}}} | NA }} <br />
| {{#if: {{{last_reviewed_release_leader_username |}}} | {{{last_reviewed_release_leader_username}}} | NA }} <br />
| {{#if: {{{last_GPC_update |}}} | {{{last_GPC_update}}} | NA }}<br />
| {{#if: {{{GPC_Notes |}}} | {{{GPC_Notes}}} | NA }} Empty template<br />
| {{#if: {{{project_home_page |}}} | {{{project_home_page}}} | NA }} <br />
| {{#if: {{{project_details_wiki_page |}}} | {{{project_details_wiki_page}}} | NA }}}<br />
}}</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71341OWASP Project Details Table 32009-10-11T16:31:30Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
<br />
<br />
|}<br />
{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 1}} <br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71340OWASP Project Details Table 32009-10-11T16:30:37Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
<br />
<br />
|}<br />
{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_3&diff=71339OWASP Project Details Table 32009-10-11T16:30:08Z<p>Leocavallari: Created page with '{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse" |- | align="center" bgcolor="#DDDDDD" | '''project name''' | align="center" bgcolor="#DDDDDD" | '…'</p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
<br />
<br />
|}<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71338OWASP Project Details Table 22009-10-11T16:28:24Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71337OWASP Project Details Table 22009-10-11T13:36:23Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''1''' <br />
| align="center" bgcolor="#DDDDDD" | '''2''' <br />
| align="center" bgcolor="#DDDDDD" | '''3''' <br />
| align="center" bgcolor="#DDDDDD" | '''4''' <br />
| align="center" bgcolor="#DDDDDD" | '''5''' <br />
| align="center" bgcolor="#DDDDDD" | '''6''' <br />
| align="center" bgcolor="#DDDDDD" | 7<br />
| align="center" bgcolor="#DDDDDD" | 8<br />
| align="center" bgcolor="#DDDDDD" | 9<br />
| align="center" bgcolor="#DDDDDD" | 10<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2 | OWASP Project Details Row 3 | OWASP Project Details Row 4 | OWASP Project Details Row 5}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71336OWASP Project Details Table 22009-10-11T13:33:14Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''1''' <br />
| align="center" bgcolor="#DDDDDD" | '''2''' <br />
| align="center" bgcolor="#DDDDDD" | '''3''' <br />
| align="center" bgcolor="#DDDDDD" | '''4''' <br />
| align="center" bgcolor="#DDDDDD" | '''5''' <br />
| align="center" bgcolor="#DDDDDD" | '''6''' <br />
| align="center" bgcolor="#DDDDDD" | 7<br />
| align="center" bgcolor="#DDDDDD" | 8<br />
| align="center" bgcolor="#DDDDDD" | 9<br />
| align="center" bgcolor="#DDDDDD" | 10<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71335OWASP Project Details Table 22009-10-11T13:20:59Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''1''' <br />
| align="center" bgcolor="#DDDDDD" | '''2''' <br />
| align="center" bgcolor="#DDDDDD" | '''3''' <br />
| align="center" bgcolor="#DDDDDD" | '''4''' <br />
| align="center" bgcolor="#DDDDDD" | '''5''' <br />
| align="center" bgcolor="#DDDDDD" | '''6''' <br />
| align="center" bgcolor="#DDDDDD" | 7<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
|}<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71333OWASP Project Details Table 22009-10-11T12:55:04Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=OWASP_Project_Details_Table_2&diff=71332OWASP Project Details Table 22009-10-11T12:54:36Z<p>Leocavallari: </p>
<hr />
<div>{| cellspacing="3" cellpadding="2" border="1" style="border-collapse: collapse"<br />
|-<br />
| align="center" bgcolor="#DDDDDD" | '''project name''' <br />
| align="center" bgcolor="#DDDDDD" | '''leader name / WIKI username''' <br />
| align="center" bgcolor="#DDDDDD" | '''mailing list name''' <br />
| align="center" bgcolor="#DDDDDD" | '''road map''' <br />
| align="center" bgcolor="#DDDDDD" | '''pamphlet''' <br />
| align="center" bgcolor="#DDDDDD" | '''current_release_details''' <br />
| align="center" bgcolor="#DDDDDD" | License<br />
<br />
{{:GPC_Project_Details/OWASP_JBroFuzz | OWASP Project Details Row 3}} <br />
{{:GPC_Project_Details/OWASP_Orizon_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Vicnum_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_.NET_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Enterprise_Security_API | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API Java EE Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API .NET Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Classic ASP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - PHP Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - ColdFusion/CFML | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Python Version | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Enterprise Security API - Haskell Version | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Access_Control_Rules_Tester_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AIR_Security_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Anti-Malware_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AntiSamy_Project_.NET | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Requirements_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_AppSensor_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_ASDR_Project | OWASP Project Details Row 2}} <br />
{{:GPC_Project_Details/OWASP_Application_Security_Verification_Standard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Backend_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Best_Practices:_Web_Application_Firewalls | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CAL9000_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Certification_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Classic_ASP_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Crawler | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Code_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFGuard_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_CSRFTester_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_DirBuster_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Education_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_EnDe | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP OpenSign Server Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Google_Hacking_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Internationalization | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_JSP_Testing_Tool_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Learn_About_Encoding_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Legal_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_NetBouncer_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Open_Review_Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP PHP Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Proxy_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Positive_Security_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Python_Static_Analysis_Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Ruby on Rails Security Guide V2 | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Scrubbr | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Securing WebGoat using ModSecurity Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Speakers Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Security Spending Benchmarks Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Skavenger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/Software_Assurance_Maturity_Model | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Source Code Flaws Top 10 Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP_Spanish | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sprajax Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Sqlibench Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Stinger Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Teachable Static Analysis Workbench Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Testing Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Top Ten Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Wapiti Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP Webekci Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebGoat Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP WebScarab Project | OWASP Project Details Row 2}}<br />
{{:GPC Project Details/OWASP WSFuzzer Project | OWASP Project Details Row 2}}<br />
{{:GPC_Project_Details/OWASP Yasca Project | OWASP Project Details Row 2}} <br />
<br />
|}<br />
<br />
<br />
* For more details on how this works see [[GPC Info On Editing Templates]]</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=70770User:Leocavallari2009-10-05T22:42:37Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [http://www.linkedin.com/in/leocavallari Profile], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=70769User:Leocavallari2009-10-05T22:42:21Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [[http://www.linkedin.com/in/leocavallari Profile]], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=70768User:Leocavallari2009-10-05T22:42:07Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [[www.linkedin.com/in/leocavallari Profile]], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].</div>Leocavallarihttps://wiki.owasp.org/index.php?title=User:Leocavallari&diff=70767User:Leocavallari2009-10-05T22:41:53Z<p>Leocavallari: </p>
<hr />
<div>* Leonardo Cavallari Militelli's [www.linkedin.com/in/leocavallari Profile], [mailto:leo.cavallari@owasp.org Mail Contact] and [[:Special:Contributions/Leocavallari|Wiki Contributions]].</div>Leocavallari