OWASP - User contributions [en]

Huntsville Alabama

2010-02-27T07:43:02Z

Packetfocus: /* Local Huntsville Alabama OWASP Chapter News */

{{Chapter Template|chaptername=Huntsville, Alabama|extra=The chapter leader is [mailto:josh@packetfocus.com Josh Perrymon]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Huntsville_Alabama|emailarchives=http://lists.owasp.org/pipermail/owasp-Huntsvlle_Alabama}}

<paypal>Huntsville, Alabama</paypal>

== Local News - Chapter is ACTIVE ==

'''Meeting Location - VERIFIED'''

The Huntsville chapter Committee met today (Feb 27,2010) and have official secured several high quality meeting locations. The first public meeting will be held at the new SAIC(SAIC.com) location in Huntsville’s Research Park. SAIC has also mentioned that we will have continual access to the conference room depending on the number of attendees.

Google map link to the location [http://maps.google.com/maps?q=6723+Odyssey+Drive+Huntsville,+AL+35806].

TThe SAIC conference room that is currently approved will hold approximately 10-15 attendees comfortably. Other approved locations include the new CB&S Bank downtown location, and Intergraph in Huntsville. The CB&S conference room i will hold 12-17 and if additional space is required Intergraph has an auditorium that would be accessible. Based on other groups, we estimate 10-30 attendees for the initial March meeting (March 24, 2010)

''When the Chapter meets''

The Huntsville OWASP Chapter will meet the third (3rd) Wednesday of every month. The first meeting will be in March 2010. However, due to spring break, the first public meeting will be re-scheduled to March 24, 2010. The normal meeting schedule will return in April, and the projected date is April 12-2010. Location will vary depending on RSVP.

The March 24, 2010 meeting will provide an overview of OWASP and include high level information on projects, funding, current news, future plans, and an open discussion on the local Huntsville Chapter. A short presentation on OWASP will be provided by Joshua Perrymon, who will then open the meeting to the open discussion. We urge you to attend to better understand OWASP, what the Huntsville chapter is planning, and to provide feedback on current application security issues.
<pre>Chapter Meeting Times/ Schedule</pre>
11:30 -11:45 : Lunch / Social 11:45 -12:00 : Chapter News /Updates 12:00-:12:30-12:45 Talk (This is variable based on content and type of presenation)  12:45-1:00- Open Discussion / Q&A / FeedBack for next meetings content 

* This is a rough schedule, but we will attempt to stick to it as close as possible. If presentations are to be over an hour appropriate announcements will be made ahead of time for scheduling. We understand that everyone can't be out of the office for several hours, and want to pack as much value and content into the alloted time as possible. The goal is for each atendee to walk away with usable information and value. If we are not doing that, thencontact us and let us know how to improve our meeting process.

''Potential Training/ 1-day Application Security Conference Idea''

We have discussed having a one day conference focused on Application Security. Tracks would be based on OWASP content, projects, methods, etc and how to put it all together to create and maintain an effective application security program.

Tracks/Session may be split based on technical and management focused material. This may be held Q4 2010 depending on community feedback, planning and budget. We can also start on a smaller scale to define a workable model before investing in a much larger event. 

Attendees would be charged an affordable fee of $100-$250 with proceeds from the conference going directly into the Chapters OWASP PayPal fund. Vendor space would be available to help support the event as well.

Ideas/Comments may be sent to Joshua Perrymon (Josh AT PacketFocus.com)

<pre>Huntsville Chapter Board Members</pre>
The Huntsville Board has been selected for 2010 and had the first planning meeting February 27, 2010 at SAIC in Huntsville. The board was selected by community security leaders from a diverse background of companies. The board represents different members from various roles in each of their respective organizations to bring broad perspective, cross-industry experience, and to ensure the chapter operates effectively and provides value back to the community.

 
'''Board Chairman:'''
Joshua Perrymon: ''PacketFocus''

'''Board Members:'''

*Bob Luedeman: ''CB&S Bank''

*Dean V. Della Pella: ''Intergraph''

*Mike Lyman: ''SAIC''

*Harold Cook: ''SAIC''

''Current board responsibilities include:''

Speaker selection, budgeting/accounting, marketing, operations, integration with other security organizations, updating content, obtaining feedback from the local community, venue selection, catering, and event planning to name a few. The overall vision is to raise application security awareness among all Huntsville companies/organizations. We also want to bridge the gap between executive and technical in relation to application security to ensure a cohesive process that works from the top down.

 

<pre>'''Becoming a Member: Do I have to be a "member" to attend. '''</pre>
The professional association of OWASP Foundation is a not-for-profit 501c3 charitable organization not associated with any commercial product or service. OWASP is an open source project dedicated to finding and fighting the causes of insecure software to be successful we need your support. OWASP individuals, supporting educational and commercial organization form an application security community that works together to create articles, methodologies, documentation, tools, and technologies (“OWASP Materials”).

- 2009 Membership Powerpoint [http://www.owasp.org/images/3/34/OWASP_2009MembershipDrive.ppt www.owasp.org/images/3/34/OWASP_2009MembershipDrive.ppt]

Membership Page Link for full details: [http://www.owasp.org/index.php/Membership www.owasp.org/index.php/Membership]

'''Membership Levels'''

$50 - Individual Supporters

TBD- '''Single Meeting Supporter'''

'''$5000 - Organization Supporters'''

'''FREE - Accredited University Supporters  ([http://www.ed.gov/admins/finaid/accred/index.html www.ed.gov/admins/finaid/accred/index.html] )'''

'''FREE''' to attend a meeting

'''Why Should I Become An OWASP Member or Organization Supporter'''

OWASP provides documentation, tools, methodologies, standards, articles, and message forums (“OWASP Materials”) as a service to Internet users worldwide to help users and developers understand more about application security. OWASP makes these materials available to end users to help them acquire, build, test, and operate secure software. In addition to the benefits you receive as described above, your membership helps to support the growth of OWASP and the development of new and improved OWASP Materials. Because we are an open, non-commercial entity, we can take on projects that commercial entities driven by profit motives could not. Everyone benefits from these projects. Your support will help OWASP continue to find and fight the causes of insecure software.

 '''How Are Funds Used?'''

OWASP is a 501c3 not-for-profit foundation, and all funds go directly to support OWASP projects, grants, chapters, and infrastructure. Our funds come from conferences, memberships, advertising, and individual and organization supporter contributions. The local chapter receives 40% of membership dues to fund overhead and growth. All records are documented, and maintained by OWASP and a local Huntsville Chapter board member.

 '''Who Must Become an OWASP Member'''?

'''Memberships are not required to use OWASP materials under each project's open source license. Also, anyone can participate in or contribute to an OWASP project without becoming a member. Your membership fees are what make the various OWASP projects possible.'''

 '''How Can I Become An OWASP Member?'''

To become an OWASP Member, an individual or organization must: Agree to the terms and conditions of the OWASP Membership Agreement. Pay the appropriate membership fee, depending on what type of OWASP Membership is indicated. (See top of page for both) Keep OWASP updated with accurate contact and business profile information. Enrollment as an OWASP Member is required before a commercial license to use the materials is established. The term of the agreement is one year from the date of execution. We appreciate your interest in becoming an OWASP Member. Click the "Register Now" logo to begin the OWASP Member registration process:

[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=c6554982-632d-4218-8c77-636ee772baff guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx][[Image:https://www.owasp.org/images/9/9d/Register_now.gif]]

You can also complete the Membership Form and make your payment by mail. Please contact Kate Hartmann for information on wire transfer or other processing methods.

 

'''Quick list of useful OWASP Documentation and Projects'''

OWASP Development Guide
a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)

http://www.owasp.org/index.php/Category:OWASP_Guide_Project

 
OWASP .NET Project
http://www.owasp.org/index.php/Category:OWASP_.NET_Project
the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)

 
OWASP Testing Guide
http://www.owasp.org/index.php/Category:OWASP_Testing_Project
a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)

OWASP Top Ten Project
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

 
OWASP Application Security Verification Standard Project
http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying)

Huntsville Alabama

2010-02-25T06:21:07Z

Packetfocus: /* Local News */

Huntsville Alabama

2010-02-25T06:14:30Z

Packetfocus: /* Local News */

Huntsville Alabama

2010-02-25T06:06:53Z

Packetfocus: /* Local News */

Huntsville Alabama

2010-02-25T06:05:48Z

Packetfocus: /* Local News */

Global Projects and Tools Committee - Application 2

2009-05-12T17:54:07Z

Packetfocus:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Brad Causey
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP OpenPGP Extensions for HTTP Reviewer
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Projects and Tools Committee
|}
----

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"|Arturo Busleiman (a.k.a Buanzo)
| style="width:20%; background:#cccccc" align="center"|Project Leader
| style="width:57%; background:#cccccc" align="center"|Brad is an exceptional individual, a through professional. OWASP would only get better with him in the Projects and Tools Committee. I met him during OWASP EU Summit 2008 in Portugal. Matt Tesauro, himself and I worked together to give a presentation on security at the Algarve University with < 12 hours to spare. Brad is great at getting feedback, combining ideas. A must.
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|Rogan Dawes
| style="width:20%; background:#cccccc" align="center"|Project Leader
| style="width:57%; background:#cccccc" align="center"|I think Brad would make an excellent addition to the Committee. He is an exceptional individual, technically excellent as well as committed to ensuring the success of OWASP.
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|Paolo Perego (a.k.a. thesp0nge)
| style="width:20%; background:#cccccc" align="center"|Project leader
| style="width:57%; background:#cccccc" align="center"|Brad is a passionate professionist and he is a great person to spend your time with. I think his competence and his skills can be an outstanding plus for the Projects ant Tool Commitee.
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|Dan Cornell
| style="width:20%; background:#cccccc" align="center"|Global Membership Committee Member
| style="width:57%; background:#cccccc" align="center"|Brad is a solid professional and ardent OWASP supporter. I believe he would be an excellent addition to the Projects and Tools Committee.
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|Joshua Perrymon
| style="width:20%; background:#cccccc" align="center"|Alabama Chapter Leader/Project Leader
| style="width:57%; background:#cccccc" align="center"|I have worked closely with Brad on several projects, including the Lunker phishing tool. His knowledge and understanding of IT Risk and Controls makes him a value to any project or committee. I agree he would be an excellent addition to the Projects and Tools Committee.
|}
----

OWASP EU Summit 2008

2008-09-03T16:54:58Z

Packetfocus: /* CONFERENCE AGENDA - November 6th and 7th */

(WORK IN PROGRESS)

{|
! width="300" align="left"|
! width="200" align="center" |
! width="500" align="center" |
|-
| align="center"|__TOC__
| align="center"|[[Image:OWASP EU Summit Portugal 2008.jpg]]
| align="left"|
* '''Main Links'''
*
*
*
* [[OWASP EU Summit 2008 Internals|OWASP EU Summit 2008 Internals]]
* [[OWASP EU Summit 2008--PRESS|Press Information]]
|}

== OWASP EU SUMMIT 2008 OVERVIEW ==
* OWASP Summit is a worldwide gathering of OWASP leaders and Key Industry Players to: present and discuss the latest OWASP tools and documentation projects, to use Working Sessions to improve collaboration and achieve specific goals and to decide roadmaps for OWASP projects, chapters and for OWASP itself.

* The first OWASP Summit - OWASP EU Summit Portugal 2008 - will take place in Algarve, Portugal between 4th and 7th of November 2008. The four-day event is split into a two-day conference, in which more than 40 OWASP specific presentations will be held, and two days of working sessions of open debate covering multiple projects and goals, e.g., OWASP Strategic Planning, OWASP Top 10 2009, Winter Of Code 2009, EASPI Project, Code Review Version 2, Testing Guide Version 4, OWASP Certifications, OWASP Awards, OWASP Application Security Desk Reference (ASDR), and OWASP Website.

* If you want to know what resources OWASP has available for you, want to move on from the Top 10, Testing Guide, WebGoat and WebScarab, but don't know where to begin, the OWASP European Summit is the place to go. There, you will see presentations of the most relevant OWASP projects, meet the OWASP Leaders who made them and discuss (and help defining) the development roadmaps for 2009.

== CONFERENCE AGENDA - November 6th and 7th ==

Under development. Please contact michael.coates{at}aspectsecurity.com with any questions or feedback.

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.

{| style="width:80%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white" | Day 3 - November 6, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: <Room 1>
| style="width:40%; background:#BCA57A" | Track 2: Council Room
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:05 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Summit Europe 2008
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:05-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
''Dinis Cruz''
|-
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:40-10:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Classic ASP Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Enigform and mod_Openpgp]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Corporate Application security guide
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP OpenSign Server Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:20-11:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Internationalization Guidelines
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Access Control Rules Tester Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:40-11:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP ASDR
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Orizon Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Refresh Attacks list
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Skavenger Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:20-12:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Spanish Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | WebScarab-NG]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:35-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Code Review Guide Lead
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Pantera]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 14:20-14:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Ruby on Rails Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Live CD 2008]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 14:40-14:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP AppSensor
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Teachable Static Analysis Workbench]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Securing WebGoat using ModSecurity
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP WeBekci Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:20-15:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Positive Security
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Source Code Review OWASP Projects]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:35-15:55 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Backend Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 16:20-16:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Phishing Framework]]
''[[user link | Joshua Perrymon]], PacketFocus''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 16:40-16:45 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | TBD
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
|-
|-
| style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...
|-
! colspan="3" align="center" style="background:#4058A0; color:white" | Day 4 - November 7, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: <Room 1>
| style="width:40%; background:#BCA57A" | Track 2: <Room 2 pending>
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP Looking Forward
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:40-11:05 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Release Quality Project TBD
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | ESAPI]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:10-11:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Release Quality Project TBD]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | Key OWASP projects TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:40-12:30 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP Financials & Operations
|-
| style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP On the Move (OoTM), Project Management, Governance
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Chapter Leaders Development Update
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:50 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP next Steps, Financial Investment Plans
|-
| style="width:10%; background:#7B8ABD" | 15:50-16:05 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 16:05-16:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | TBD
|-
| style="width:10%; background:#7B8ABD" | 18:00-19:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
|-
| style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...}
|-
|}

Venue: <address> [http://owasp.org Google Maps Link]

Registration is available via the OWASP Conference Cvent site at: [http://owasp.org Cvent link]

== WORKING SESSIONS - November 4th and 5th ==

== [[:OWASP EU Summit 2008 Training | TRAINING COURSES - November 3rd and 4th]] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | Course - Number of days - Price
|-
| style="background:#F2F2F2" |
[[:OWASP EU Summit 2008 Training | Learn More Here]]

Instructor:
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | Course - Number of days - Price
|-
| style="background:#F2F2F2" |

[[:OWASP EU Summit 2008 Training | Learn More Here]]

Instructor:
'''
|-
! align="center" style="background:#4058A0; color:white" | Course - Number of days - Price
|-
| style="background:#F2F2F2" |

[[:OWASP EU Summit 2008 Training | Learn More Here]]

Instructor:
|-
! align="center" style="background:#4058A0; color:white" | Course - Number of days - Price
|-
| style="background:#F2F2F2" |
[[:OWASP EU Summit 2008 Training | Learn More Here]]

Instructor:
|-

|}

OWASP EU Summit 2008

2008-08-25T16:34:51Z

Packetfocus: /* Provisory list of 'expenses paid' participants */

(WORK IN PROGRESS /UNDER DISCUSSION)
== UPDATES ==
*[[OWASP EU Summit 2008 - updates|'''OWASP EU Summit 2008 - updates''']]

== What: OWASP Summit, a conference about OWASP and for OWASP's community ==
=== When: 4 to 7 Nov 2008 (4 & 5: Meetings and Training, 6 & 7: Conference) ===
=== Where: Portugal ===
Faro or Lisbon
=== Organization===
Dinis Cruz, Paulo Coimbra and the OWASP Summit Team - Eduardo Neves, Leonardo Cavallari Militelli, Mark Roxberry, Michael Coates, Arturo 'Buanzo' Busleiman.

== Agenda ==
Theme: Present OWASP's projects, community and activities ..... '....Connecting the dots.... "

'''Day 1 & 2'''
*Training sessions (similar to what happens at the moment at the other OWASP conferences)
*OWASP Working Group sessions (1/2 day each) on:
** OWASP Governance, "What is OWASP's position on ...." & Action Plan for 2009
** ESAPI
** Browser Security
** OWASP Top 10 2009

'''Day 3 & 4 Agenda:'''
* Presentations from AoC, SpoC and SoC Participants
* Presentations from 'Release' Quality OWASP projects (not included in the list above) or Key OWASP projects (like ESAPI)
* Presentations about OWASP : How it works, Financial reports, OotM (OWASP on the Move), new project management guidelines, local chapter finances, OWASP governance
* Presentation from Chapter leaders on the activities developed on their project
* Discussion on next steps for OWASP and focus of next OWASP financial investment plans

Other ideas:

* vote on 6th OWASP board member (Candidates to Apply)

== other details==

'''Projected Attendees:450 '''
* 200 with some (or all) expenses covered by OWASP
** 33 SoC participants
** 70 SoC reviewers
** 10 SoC Collaborators
** 15 AoC & SpoC participants
** 15 Chapter Leaders
** 8 OWASP Board & Employees
** 49 OWASP non-individual members (2x per 9k Corporate? 1x for the others?)

=== Financial details ===
'''Expenses'''
* Accommodation & meals: 80,000 USD = 400 USD per person (200x) for 3 nights accommodation and 5 meals (3 dinners and 2 lunches)
* Flights & Trains : 70,000 USD

'''Revenue sources'''
* Tickets (for the 250 non 'OWASP invited' attendees)
* Training Sessions
* Conference sponsors

== Provisory list of 'expenses paid' participants ==

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECTED CONFERENCE PAID ATTENDEES AND/OR SPEAKERS - NEEDS OWASP BOARD CONFIRMATION'''
|-
| style="width:20%; background:#b3b3b3" align="center"|'''NAME'''
| style="width:40%; background:#b3b3b3" align="center"|'''POSITION/REASON OF ATTENDANCE'''
| style="width:20%; background:#b3b3b3" align="center"|'''COUNTRY'''
| style="width:20%; background:#b3b3b3" align="center"|'''DEPARTURE (AIRPORT/CITY)'''
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP BOARD MEMBERS & EMPLOYEES'''
|-
| style="width:20%; background:#cccccc" align="center"|Williams
| style="width:40%; background:#cccccc" align="center"|Board, Chair, Wiki, Management
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Dave Wichers
| style="width:40%; background:#cccccc" align="center"|Board, Conferences, Financials
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Dinis Cruz
| style="width:40%; background:#cccccc" align="center"|Board, Firehose of Ideas and Money spender
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Tom Brennan
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Governance
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Sebastien Deleersnyder
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Chapters and Projects
| style="width:20%; background:#cccccc" align="center"|Belgium
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Paulo Coimbra
| style="width:40%; background:#cccccc" align="center"|Employee, Project Manager
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Kate Hartmann
| style="width:40%; background:#cccccc" align="center"|Employee, Operations Director
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Alison McNamee
| style="width:40%; background:#cccccc" align="center"|Employee, Accounting
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Larry Casey
| style="width:40%; background:#cccccc" align="center"|Employee, Director of Information Technology
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Achim Hoffmann
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Skavenger Project, OWASP w3af Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|Frankfurt or Munich
|-
| style="width:20%; background:#cccccc" align="center"|Alexander Fry
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Source Code Review OWASP Projects OWASP Teachable Static Analysis Workbench OWASP WeBekci Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Andrew Petukhov
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Access Control Rules Tester Project
| style="width:20%; background:#cccccc" align="center"|Russia
| style="width:20%; background:#cccccc" align="center"|Moscow
|-
| style="width:20%; background:#cccccc" align="center"|Arturo Alberto Busleiman
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Enigform and mod_Openpgp
| style="width:20%; background:#cccccc" align="center"|Argentina
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Carlo Pelliccioni
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Backend Security Project
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Eduardo Vianna de Camargo Neves
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Positive Security
| style="width:20%; background:#cccccc" align="center"|Brazil
| style="width:20%; background:#cccccc" align="center"|Curitiba (CWB)
|-
| style="width:20%; background:#cccccc" align="center"|Eoin Keary
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Code Review Guide, Chapter Leader
| style="width:20%; background:#cccccc" align="center"|Ireland
| style="width:20%; background:#cccccc" align="center"|Dublin (DUB)
|-
| style="width:20%; background:#cccccc" align="center"|Esteban Ribicic
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Backend Security Project OWASP Classic ASP Security Project OWASP AntiSamy .NET OWASP Interceptor Project - 2008 Update
| style="width:20%; background:#cccccc" align="center"|Croatia
| style="width:20%; background:#cccccc" align="center"|Wien
|-
| style="width:20%; background:#cccccc" align="center"|Fabio Cerullo
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Internationalization Guidelines Project OWASP Spanish Project
| style="width:20%; background:#cccccc" align="center"|Ireland
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Frederick Donovan
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Application Security Desk Reference (ASDR)
| style="width:20%; background:#cccccc" align="center"|United States
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Heiko Webers
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Ruby on Rails Security Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|Frankfurt
|-
| style="width:20%; background:#cccccc" align="center"|Juan Carlos Calderon
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Internationalization Guidelines OWASP Spanish Project OWASP Classic ASP Security Project
| style="width:20%; background:#cccccc" align="center"|Mexico
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Justin Derry
| style="width:40%; background:#cccccc" align="center"|Chapter leader & Project Leader, OWASP Interceptor Project
| style="width:20%; background:#cccccc" align="center"|Sydney Australia
| style="width:20%; background:#cccccc" align="center"|Sydney Australia
|-
| style="width:20%; background:#cccccc" align="center"|Kevin Fuller
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3 OWASP SQL Injector Benchmarking Project (SQLiBENCH)
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Sacramento Ca
|-
| style="width:20%; background:#cccccc" align="center"|Leonardo Cavallari Militelli
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Application Security Desk Reference (ASDR)
| style="width:20%; background:#cccccc" align="center"|Brazil
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Mark Roxberry
| style="width:40%; background:#cccccc" align="center"|Leader, OWASP .NET Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Matt Tesauro
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Live CD 2008
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Austin
|-
| style="width:20%; background:#cccccc" align="center"|Matteo Meucci
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Testing Guide
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|Rome
|-
| style="width:20%; background:#cccccc" align="center"|Matthias Rohr
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Skavenger Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Michael Coates
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP AppSensor
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Chicago
|-
| style="width:20%; background:#cccccc" align="center"|Nam Nguyen
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3, Python Static Analysis, OWASP Education
| style="width:20%; background:#cccccc" align="center"|Vietnam
| style="width:20%; background:#cccccc" align="center"|Ho Chi Minh City
|-
| style="width:20%; background:#cccccc" align="center"|P.Satish Kumar
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Code Review Guide
| style="width:20%; background:#cccccc" align="center"|India
| style="width:20%; background:#cccccc" align="center"|Hyderabad
|-
| style="width:20%; background:#cccccc" align="center"|Paolo Perego
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Orizon Project
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Parvathy Iyer
| style="width:40%; background:#cccccc" align="center"|OWASP Corporate Application Security Guide
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Newark (New Jersey)or Newyork (Newyork city)
|-
| style="width:20%; background:#cccccc" align="center"|Pierre Parrend
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP OpenSign Server Project OWASP Application Security Verification Standard
| style="width:20%; background:#cccccc" align="center"|France
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Stephen Craig Evans
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Securing WebGoat using ModSecurity
| style="width:20%; background:#cccccc" align="center"|Singapore
| style="width:20%; background:#cccccc" align="center"|Singapore
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008 SPECIAL PROJECT CONTRIBUTORS'''
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008/LOGISTICS'''
|-
| style="width:20%; background:#cccccc" align="center"|Sarah Cruz
| style="width:40%; background:#cccccc" align="center"|Project leader, Graphic Design
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SPRING OF CODE 2007 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Przemyslaw Skowron
| style="width:40%; background:#cccccc" align="center"|Project Leader, Refresh Attacks List
| style="width:20%; background:#cccccc" align="center"|Poland
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Joshua Perrymon
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP LiveCD, OWASP Phishing Framework, Alabama Chapter Lead
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Birmingham,AL
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP AUTUMN OF CODE 2006 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Rogan Dawes
| style="width:40%; background:#cccccc" align="center"|Project leader, WebScarab-NG
| style="width:20%; background:#cccccc" align="center"|South Africa
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Simon Roses Femerling
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Pantera
| style="width:20%; background:#cccccc" align="center"|Spain
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''ACTIVE PROJECT LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''
|-
| style="width:20%; background:#cccccc" align="center"|Alex Smolen
| style="width:40%; background:#cccccc" align="center"| Project leader, .NET ESAPI
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''ACTIVE CHAPTER LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''
|-
| style="width:20%; background:#cccccc" align="center"|Antti Laulajainen
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Helsinki
| style="width:20%; background:#cccccc" align="center"|Finland
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Steve Antoniewicz
| style="width:40%; background:#cccccc" align="center"|Chapter Board Member, NY/NJ Metro
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Kuai Hinojosa
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Twin-Cities
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Jim Manico
| style="width:40%; background:#cccccc" align="center"|Chapter leader/founder, Hawaii
| style="width:20%; background:#cccccc" align="center"|Hawaii, USA
| style="width:20%; background:#cccccc" align="center"|Anahola, Island of Kauai
|-
| style="width:20%; background:#cccccc" align="center"|Rex Booth
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Washington DC
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''SIGNIFICANT PAST OWASP CONTRIBUTOR (THAT IS NOT ALREADY COVERED BY ONE OF THE ABOVE CATEGORIES)'''
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP NON-INDIVIDUAL MEMBERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
|}

==Agenda and Presentations - November 4-7 ==

Under development. Please contact michael.coates{at}aspectsecurity.com with any questions or feedback.

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.

{| style="width:80%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white" | Day 3 - November 6, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: <Room 1>
| style="width:40%; background:#BCA57A" | Track 2: Council Room
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:05 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Summit Europe 2008
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:05-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
''Dinis Cruz''
|-
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:40-10:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Classic ASP Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Enigform and mod_Openpgp]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Corporate Application security guide
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP OpenSign Server Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:20-11:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Internationalization Guidelines
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Access Control Rules Tester Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:40-11:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP ASDR
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Orizon Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Refresh Attacks list
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Skavenger Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:20-12:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Spanish Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | WebScarab-NG]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 12:35-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Code Review Guide Lead
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Pantera]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 14:20-14:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Ruby on Rails Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Live CD 2008]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 14:40-14:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP AppSensor
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Teachable Static Analysis Workbench]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Securing WebGoat using ModSecurity
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP WeBekci Project]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:20-15:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Positive Security
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | OWASP Source Code Review OWASP Projects]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 15:35-15:55 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | OWASP Backend Security Project
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 16:20-16:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | TBD]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 16:40-16:45 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | TBD
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
|-
|-
| style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...
|-
! colspan="3" align="center" style="background:#4058A0; color:white" | Day 4 - November 7, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: <Room 1>
| style="width:40%; background:#BCA57A" | Track 2: <Room 2 pending>
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP Looking Forward
''speaker, company''
|-
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:40-11:05 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Release Quality Project TBD
]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | ESAPI]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:10-11:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | Release Quality Project TBD]]
''[[user link | Speaker]], Company''
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | Key OWASP projects TBD]]
''[[user link | Speaker]], Company''
|-
| style="width:10%; background:#7B8ABD" | 11:40-12:30 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP Financials & Operations
|-
| style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP On the Move (OoTM), Project Management, Governance
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Chapter Leaders Development Update
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:50 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP next Steps, Financial Investment Plans
|-
| style="width:10%; background:#7B8ABD" | 15:50-16:05 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 16:05-16:55 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | TBD
|-
| style="width:10%; background:#7B8ABD" | 18:00-19:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
|-
| style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...}
|-
|}

Venue: <address> [http://owasp.org Google Maps Link]

Registration is available via the OWASP Conference Cvent site at: [http://owasp.org Cvent link]

SpoC 007 - OWASP LiveCD Project - Progress Page

2007-11-13T03:35:18Z

Packetfocus: New page: ----'''Features'''---- This release is the second major version of the OWASP livecd. This one is going to be called SpoCK and will begin with the version 2.2 release. The kernel and boot ...

----'''Features'''----
This release is the second major version of the OWASP livecd. This one is going to be called SpoCK and will begin with the version 2.2 release. The kernel and boot splash has remained the same in this release but a lot has changed under the hood. OWASP tools and documents can be found in the main menu under OWASP:

Releases
Tools
Docs
Beta
Tools
Docs
Alphs
Tools
Docs

The CD also contains a lot of pentest programs under the /pentest/ folder that will still need to be organized and tested. This is the same for a lot of the OWASP programs that are not already working in the menu.

----'''Downloads'''----
The OWASP CD V1 downloads can be found here www.packetfocus.com/hackos
Version 2 "SpoCK" downloads are in the final review process and will be released Nov 14th 07 for public download.

----'''TODO'''-----
This version has 5x more tools and documents than v1. Now I just have to get all of the OWASP tools working then move to the /pentest/ folder.

Update the boot graphics- Still need to work on changing the graphics during the boot process.

Update all of the menu links to use KPDF instead of XPDF

Get sound working on the LiveCD

Make menu links to new version of Metasploit 3.0

Organize all of the VOIP tools in /pentest/

Get the latest version of WebGoat working

----'''Notes'''----
The most noticable addition to this release should be the number of OWASP projects in the menu. All of the tools haven't been configured but they are on the CD. If anyone uses the CD and would like to send instruction on getting a certain tool to work email livecd@packetfocus.com.

Refer to the main project page for more details on the project

Category:OWASP Live CD Project

2007-11-11T16:50:13Z

Packetfocus: /* Features */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD Version 2.1 ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 2.1 named "LabRat" and is part of the OWASP SpoC 007 sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security.

==== Details ====
V2 of the OWASP liveCD is focused on OWASP tools and Documentation. The menu structure had been built around the three (3) status levels of OWASP projects (Releases, Alpha, and Beta). Each area has been further seperated into Doc and Tools to make updates easier. Wiki pages are now linked for every tool and OWASP document.

==== Issues ====
At this point (Nov, 9 2007) the OWASP tools and documents are on the CD but they are not all configured at this point.

The CD doesn't have a lot of other pen-test tools in this version.

The Boot graphics still need to be changed.

Sounds doesn't work on some systems.

==== What's Next?====
The first step will be to ensure that all the OWASP tools and documents are present on the CD and working. Once that has been completed- then we will focus on adding traditional pen-test tools. However, the focus of this CD is OWASP resources.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====

Version 2.1 will be uploaded for testing by Nov 15th 2007. It's currenly working but being tested.

The distro can be downloaded from the PacketFocus website (http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

[http://www.securitydistro.com/index.php?option=com_content&task=view&id=139&Itemid=32 Running An ISO In VMware]

==== Screenshots ====
[http://www.securitydistro.com/index.php?option=com_expose&Itemid=41 LabRat 0.1 Screenshots]

Version 2.1 was sponsored by SpoC 007
Version .008 and .010 were sponsored by OWASP Autumn of Code 2006.

== Download ==

The BETA version v.10 is now available to download. It can be found on the PacketFocus website http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.

Download via SecurityDistro

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso

== Features ==
LabRat v.2.1 *Current Beta Download

LiveCD Based on Morphix (www.morphix.org)
Runs completely in Memory

Tools:
WebGoat v5
WebScarab
Paros
JBroFuZZ
Cal9000
Nmap
TcpDump
WireShark

Docs:
OWASP Guide
OWASP Testing Guide

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! RC1 - 12:54, 01 Feb 2007 (GMT)'''

The RC1 version of the CD is now available for testing. The download can be found here: http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
The latest version is v0.10 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

Download via SecurityDistro

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-11-11T16:49:11Z

Packetfocus: /* Version 2.1 Release of OWASP LiveCD ready for testing */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD Version 2.1 ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 2.1 named "LabRat" and is part of the OWASP SpoC 007 sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security.

==== Details ====
V2 of the OWASP liveCD is focused on OWASP tools and Documentation. The menu structure had been built around the three (3) status levels of OWASP projects (Releases, Alpha, and Beta). Each area has been further seperated into Doc and Tools to make updates easier. Wiki pages are now linked for every tool and OWASP document.

==== Issues ====
At this point (Nov, 9 2007) the OWASP tools and documents are on the CD but they are not all configured at this point.

The CD doesn't have a lot of other pen-test tools in this version.

The Boot graphics still need to be changed.

Sounds doesn't work on some systems.

==== What's Next?====
The first step will be to ensure that all the OWASP tools and documents are present on the CD and working. Once that has been completed- then we will focus on adding traditional pen-test tools. However, the focus of this CD is OWASP resources.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====

Version 2.1 will be uploaded for testing by Nov 15th 2007. It's currenly working but being tested.

The distro can be downloaded from the PacketFocus website (http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

[http://www.securitydistro.com/index.php?option=com_content&task=view&id=139&Itemid=32 Running An ISO In VMware]

==== Screenshots ====
[http://www.securitydistro.com/index.php?option=com_expose&Itemid=41 LabRat 0.1 Screenshots]

Version 2.1 was sponsored by SpoC 007
Version .008 and .010 were sponsored by OWASP Autumn of Code 2006.

== Download ==

The BETA version v.10 is now available to download. It can be found on the PacketFocus website http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.

Download via SecurityDistro

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso

== Features ==
LabRat v.08 *Current Beta Download

LiveCD Based on Morphix (www.morphix.org)
Runs completely in Memory

Tools:
WebGoat v4
WebScarab
Paros
JBroFuZZ
Cal9000
Nmap
TcpDump
WireShark

Docs:
OWASP Guide 2.0
OWASP Testing Guide

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! RC1 - 12:54, 01 Feb 2007 (GMT)'''

The RC1 version of the CD is now available for testing. The download can be found here: http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
The latest version is v0.10 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

Download via SecurityDistro

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso

http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

OWASP Spring Of Code 2007 Applications

2007-03-23T15:14:20Z

Packetfocus:

This page contains project Applications to the [[OWASP_Spring_Of_Code_2007]]

'''If you want to apply for a SpoC 007 sponsorship you HAVE TO USE THIS PAGE for your application'''

See [[OWASP_Spring_Of_Code_2007#How_To_Participate]] for what do to one you completed your Application

---------

'''Proposed template:''' {for longer proposals, in addition to these details you can create a PDF}:

== {Your first name or Alias} - {Project name} ==
Please remember that projects will be selected and funded based on how well they meet the [[OWASP_Spring_Of_Code_2007_:_Selection|Selection Criteria]].

You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include the following information in your proposal.

* Your educational and professional background

* Application security experience and accomplishments

* Participation and leadership in open communities

* The opportunity, challenges, issues or need your proposal addresses

* Objectives or ways in which you will meet the goal(s)

* Specific activities and who will carry out these activities

* Specific deliverables and a rough project schedule so we can track progress

* Long-term vision for the project

* Any other reasons why you and your project should be selected

== Buanzo - Enigform: Firefox Addon for OpenPGP signing of HTTP requests ==

I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of
information systems security since 1994, when BBSes and Linux still lived together.

I quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204].

In my free time I like playing with my Punk-Pop band [http://www.purevolume.com/futurabandapunkpop], Futurabanda. [http://www.futurabanda.com.ar], and maintaining my Restaurants, Wines and Recipes site. [http://www.vivamoslavida.com.ar]. I have to admit that my first priorities are my beloved son [http://www.fotolog.com/buanzo] and my wonderful wife [http://www.fotolog.com/buanzo].

=== Accomplishments ===

I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed
lots that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written
the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [http://www.oissg.org/content/view/71/71/]. I'm currently writing
an Internet Draft to be proposed for RFC regarding Enigform.

=== Community ===

I run the official 2600 meetings site for Argentina [http://www.2600.com/meetings/pages.html], I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio
and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs,
answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR].

=== My Project ===

Enigform [http://enigform.mozdev.org] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs outgoing HTTP requests so that a web server can authenticate
the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in
the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications.

Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.

Some simple PHP code is enough to make a web application Enigform-aware [http://enigformtest.buanzo.com.ar]. The Smutty PHP MVC Framework already supports Enigform [http://smutty.pu-gh.com/demo/enigform].

=== Long Term ===

Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in Apache and IIS, and port Enigform to other browsers
and/or programming languages, and also provide OpenPGP De/Encryption support.

=== Why should I be selected ===

I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the
international security community, and I firmly believe Enigform is my greatest idea so far.

== Eoin Keary - Code review Project ==
* '''Executive Summary''':
I am proposing that I complete the OWASP Code review guide during this period.
The code review guide was started by me in 2005 and has much information on reviewing code for common vulnerabilities. It is frequently accessed (looking at the stats on the OWASP site) and therefore is useful to practitioners.

I believe the code review guide is an integral part of the OWASP BOK (Body of Knowledge). Ensuring secure development is key to secure applications and code review is of paramount importance in this domain.

There are many sections still to be added and more to be readjusted and rewritten to reflect the current state of the security world.
Much needs to be written on Web 2.0 technologies and distributed B2B technologies such as Webservices.

The Code review process and procedure needs also to be covered. A guide to establishing a mature code review process also needs to be done.
Code review methodologies also need to be discussed.

* '''Objectives and Deliverables''':

Update of the code review guide:
* Add additional areas relating to the code review process such as:
** Benefits and pitfalls
** Methodology
** The code review process
*** Transactional analysis
*** Managing the code review process
*** Assigning risk to findings

** Technical guides
*** Language specific best practice
*** Java
*** .NET
*** PHP
*** MySQL
*** Stored Procs
*** C/C++

** Code review by vulnerability:
*** Reviewing Code for Buffer Overruns and Overflows
*** Reviewing Code for OS Injection
*** Reviewing Code for SQL Injection
*** Reviewing Code for Data Validation
*** Reviewing code for XSS issues
*** Reviewing Code for Error Handling
*** Reviewing Code for Logging Issues
*** Reviewing The Secure Code Environment
*** Reviewing code for Authorization Issues
*** Reviewing code for Authentication Issues
*** Reviewing code for Session Integrity
*** Reviewing code for Cross Site Request Forgery
*** Reviewing code for Cryptography implementation issues
*** Reviewing code Dangerous HTTP Methods (Deployment)
*** Race Conditions

The areas of code are structured giving a brief explanation, the anti-pattern (vulnerable pattern to look for) and a suggested fix.

* '''Why I should be sponsored for the project''':

I used to head up the code review team as part of the application security group in fidelity investments and have 5+ years of the secure code review process.
I also was the lead of the Testing guide until V2 was published via the Autumn of Code.

I have always delivered any work I have volunteered for on time.

I have been involved in OWASP projects for 2/3 years now and have always been an active contributor.

== Paolo Perego - Owasp Orizon Project ==
* '''Executive Summary''':
Owasp Orizon [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project] Project born in 2006 as answer to the lack of common engine and library usable by opensource code review related tools.

I'm proposing that, during the Spring of Code 2007 period, I'll complete static analisys API and java source code enforment objects.

Sometimes a complete code review approach is not suitable for most customers who wants to harden their code which is being approaching release stage. For such a reason, I started writing Java objects that embeds most of the security checks against common web vulnerabilities (XSS, SQL injection, Session handling, ...) so that source code can be hardened with a small effort in terms of code rewriting.

I do believe that a common set of API and a common safe coding best practices library is one of the most important goals to bring application security to the developers.

* '''Objectives and Deliverables''':
Completing the static code review API section
* improving programming language to XML translator
* improving security best practices code review scan library
* improving secure coding fashion best practices library
* writing the pattern matching scan using the aformentioned libraries
Writing the java source code enforment objects
* writing an object to handle form data values to avoid XSS
* writing an object to handle form data values to avoid SQL Injection
* writing an object to handle HttpRequest and HttpSession objects

* '''Why I should be sponsored for the project''':
Owasp Orizon is the first Owasp project I'm involved in. I'm also contributor of Owasp Italian chapter managed by Matteo Meucci and I'm talking at various speeches about application security and safe coding best practices.

I'm a security consultant working in ethical hacking and we're approaching code review and safe topics right now.
I'm a developer too so I understand also the "dark side" of the problem developing code with security in mind.

I work using the "release early release often" paradigm so to be concrete and let other people having something usable to work with.

== Sebastien Deleersnyder - OWASP Education Project ==
* '''Executive Summary''':
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.

* '''Objectives and Deliverables''':
Currently the project goals are to create Educational Tracks:
* Complete the [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past
* A "Web Application Security Primer" Track for beginners (4 hours)
* A "What developers should know on Web Application Security" Track for developers (4 hours)

* '''Why you should be sponsored for the project''':
I started the successful Belgian Chapter 3 years ago and have actively contributed to OWASP since then. I also co-organized the European conference last year in Belgium.

This is the first separate project that I started, originating from a local demand to set up educational tracks for people that are new to Web Application Security. There are literally hundreds of presentations and an enormous amount of information on the OWASP web site. The goal of this project is to restructure pieces of that information in reusable modules that can be combined in educational tracks. It is my believe that awareness is an important cornerstone of building secure web applications, and this project will actively support that.

If we are granted Spoc 007 participation, I will be sharing the budget with all active participants. This will be an extra motivation for project participation. I will reinvest my part in the project to set up a web conferencing / web casting solution to be used to disseminate the project results and make them available for later use.

* '''More details''':
The detailed [[OWASP Education Project Roadmap|road map]] can be found here.
The SpoC 007 goal is to finish Sub Goals 1, 2, 3 and 4. If time permits we can start with sub goal 5.

== Subere - OWASP JBroFuzz Project ==

==== Overview ====

JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. The purpose of this application is to provide a single, portable application that offers stable cross-platform network protocol fuzzing capabilities. At the same time, JBroFuzz attempts to keep the User Interface (UI) as intuitive as possible.

==== Fuzzing ====

As seen by the emphasis given on the subject of fuzzing in the 2007 Testing Guide (v2), network protocol fuzzing serves as a fundamental cornerstone of application security testing. For this, many different categories and types of fuzzing have been defined.

==== Objectives ====

JBroFuzz needs to expand and grow in order to cover network fuzzing in a more complete manner. Its modular implementation allows for the addtion of new functionality by means of independent tabs. The key tabs proposed to be added during the spring of code 2007 are (details in next section):

* '''Open Source Tab'''
* '''NTLM Brute Force over HTTP/S Tab'''
* '''Pure HTTP/S Fuzzing using HTTPClient'''
* '''Blind SQL Injection Fuzzing Tab'''

At the same time, the following existing tabs need to be updated and made more robust (details in next section):

* '''TCP Fuzzing tab allowing graph outputs'''
* '''TCP Sniffing tab update thread Agent Queue'''
* '''Update Generators file format'''
* '''Include SOAP and XML fuzzing'''

This expansion process relates to stabilising code that is presently included in JBroFuzz, thus allowing it to run for extensive periods of time (24h+) as well as adding more functionality in terms of the three new tabs.

==== Deliverables ====

Based on the above, the new code elements that will be added are as follows:

* '''Open Source Tab:''' ''Provide the ability to enumerate e-mails from newsgroups without breaching google automated search rules''
* '''NTLM Brute Force over HTTP/S Tab:''' ''Provide the ability to enumerate NTLM as well as brute over HTTP/S NTLM.''
* '''Pure HTTP/S Fuzzing:''' ''Implement a fuzzing tab utilising HTTPClient from Jakarta that will also allow for multi-threading''
* '''Blind SQL Fuzzing Tab''' ''Implement a tab that extracts information from a blind SQL injection point identified on web server over HTTP/HTTPS.''

For updating existing code elements that require a partial rewrite, the following areas of focus are presented in detail:

* '''TCP Fuzzing tab allowing graph outputs:''' ''Provide the ability to graph fuzzing results during a particular session run. This will give the ability to integrate and pickup potential fuzzing patterns.''
* '''TCP Sniffing tab update thread Agent Queue:''' ''Update the code of the sniffing panel in order to handle threaded agents in a more memory efficient way.''
* '''Update Generators file format:''' ''Update the generators file format to allow for the parsing and creation of recursive generators.''
* '''Include SOAP and XML fuzzing:''' ''Include an up to date list of SOAP and XML fuzzing templates.''

Overall, the above two lists of changes should provide sufficient complexity and output for the spring of code 2007, forming a challenging implementation project.

==== Background ====

In its short life, the OWASP JBroFuzz Project has attracted the interest of the online security community with a total of appr. 5000 downloads in the last months.

Coming from a strong java background (5+ years) I decided to implement and release JBroFuzz in order to initially simplify penetrations testing processes that relate to web application and network protocol fuzzing.

I see the spring of code 2007 as a unique opportunity to industrialise network protocol fuzzing (and in particular HTTP/S fuzzing) within a single application, residing within OWASP.

==== Why should JBroFuzz be sponsored? ====

Centralising fuzzing resources into one application that has the ability to handle network protocol fuzzing over HTTP and HTTPS in a simple and intuitive manner forms an area of focus that should not be dismissed in building secure software applications.

Keep the code platform independent adds a huge advantage.

Receving an OWASP grant from the spring of code 2007 will trigger a share in the budget with all active participants depending on their level of involvement. This will be a direct function of the number of tabs and/or user functionality that they have assisted in implementing.

== Joshua Perrymon - OWASP LiveCD Project ==
* '''Executive Summary''':
I am proposing that I complete the second version of the OWASP LiveCD during this period.
The first version of the LiveCD is now available and include many of the current OWASP documents and tools. I believe the LiveCD is one of the best mediums to promote OWASP tools and documentation. It is portable and already being used by thousands of security proffesionals to perform application testing and training.

In the current state the CD is stable and contains a lot of tools. However, this is just the beginning. There is a LOT of work that needs to be completed. The entire CD experience needs to be branded using OWASP graphics. This shouls start with the boot screen and carry all the way through to the icons and desktop graphics. The CD should also inlcude the wiki and ALL the tools developed for OWASP.

* '''Objectives and Deliverables''':

Update of the LiveCD:
* Complete OWASP branding
* Add OWASP wiki
* Add encryption capabilities
* Add more OWASP tools
* Add more pen-test tools such as;
VOIP, RFID, BlueTooth, Wireless, etc..

* '''Why I should be sponsored for the project''':

I had the idea of the LiveCD about a year ago and have worked very hard to get the first version developed. This was driven by my vision to make all of the OWASP tools available on a portable medium. The main difference in the OWASP liveCD vs. other live CDs is going to be the regularity of updates. If sponsorship can be obtained the CD could be updated on a monthly basis. Not once a year like other liveCDs. The CD will also include specialty tools and documentation to perform VOIP, RFID,Bluetooth, and wireless security assessments.

OWASP Spring Of Code 2007 Applications

2007-03-23T15:13:14Z

Packetfocus:

This page contains project Applications to the [[OWASP_Spring_Of_Code_2007]]

'''If you want to apply for a SpoC 007 sponsorship you HAVE TO USE THIS PAGE for your application'''

See [[OWASP_Spring_Of_Code_2007#How_To_Participate]] for what do to one you completed your Application

---------

'''Proposed template:''' {for longer proposals, in addition to these details you can create a PDF}:

== {Your first name or Alias} - {Project name} ==
Please remember that projects will be selected and funded based on how well they meet the [[OWASP_Spring_Of_Code_2007_:_Selection|Selection Criteria]].

You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include the following information in your proposal.

* Your educational and professional background

* Application security experience and accomplishments

* Participation and leadership in open communities

* The opportunity, challenges, issues or need your proposal addresses

* Objectives or ways in which you will meet the goal(s)

* Specific activities and who will carry out these activities

* Specific deliverables and a rough project schedule so we can track progress

* Long-term vision for the project

* Any other reasons why you and your project should be selected

== Buanzo - Enigform: Firefox Addon for OpenPGP signing of HTTP requests ==

I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of
information systems security since 1994, when BBSes and Linux still lived together.

I quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204].

In my free time I like playing with my Punk-Pop band [http://www.purevolume.com/futurabandapunkpop], Futurabanda. [http://www.futurabanda.com.ar], and maintaining my Restaurants, Wines and Recipes site. [http://www.vivamoslavida.com.ar]. I have to admit that my first priorities are my beloved son [http://www.fotolog.com/buanzo] and my wonderful wife [http://www.fotolog.com/buanzo].

=== Accomplishments ===

I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed
lots that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written
the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [http://www.oissg.org/content/view/71/71/]. I'm currently writing
an Internet Draft to be proposed for RFC regarding Enigform.

=== Community ===

I run the official 2600 meetings site for Argentina [http://www.2600.com/meetings/pages.html], I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio
and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs,
answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR].

=== My Project ===

Enigform [http://enigform.mozdev.org] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs outgoing HTTP requests so that a web server can authenticate
the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in
the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications.

Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.

Some simple PHP code is enough to make a web application Enigform-aware [http://enigformtest.buanzo.com.ar]. The Smutty PHP MVC Framework already supports Enigform [http://smutty.pu-gh.com/demo/enigform].

=== Long Term ===

Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in Apache and IIS, and port Enigform to other browsers
and/or programming languages, and also provide OpenPGP De/Encryption support.

=== Why should I be selected ===

I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the
international security community, and I firmly believe Enigform is my greatest idea so far.

== Eoin Keary - Code review Project ==
* '''Executive Summary''':
I am proposing that I complete the OWASP Code review guide during this period.
The code review guide was started by me in 2005 and has much information on reviewing code for common vulnerabilities. It is frequently accessed (looking at the stats on the OWASP site) and therefore is useful to practitioners.

I believe the code review guide is an integral part of the OWASP BOK (Body of Knowledge). Ensuring secure development is key to secure applications and code review is of paramount importance in this domain.

There are many sections still to be added and more to be readjusted and rewritten to reflect the current state of the security world.
Much needs to be written on Web 2.0 technologies and distributed B2B technologies such as Webservices.

The Code review process and procedure needs also to be covered. A guide to establishing a mature code review process also needs to be done.
Code review methodologies also need to be discussed.

* '''Objectives and Deliverables''':

Update of the code review guide:
* Add additional areas relating to the code review process such as:
** Benefits and pitfalls
** Methodology
** The code review process
*** Transactional analysis
*** Managing the code review process
*** Assigning risk to findings

** Technical guides
*** Language specific best practice
*** Java
*** .NET
*** PHP
*** MySQL
*** Stored Procs
*** C/C++

** Code review by vulnerability:
*** Reviewing Code for Buffer Overruns and Overflows
*** Reviewing Code for OS Injection
*** Reviewing Code for SQL Injection
*** Reviewing Code for Data Validation
*** Reviewing code for XSS issues
*** Reviewing Code for Error Handling
*** Reviewing Code for Logging Issues
*** Reviewing The Secure Code Environment
*** Reviewing code for Authorization Issues
*** Reviewing code for Authentication Issues
*** Reviewing code for Session Integrity
*** Reviewing code for Cross Site Request Forgery
*** Reviewing code for Cryptography implementation issues
*** Reviewing code Dangerous HTTP Methods (Deployment)
*** Race Conditions

The areas of code are structured giving a brief explanation, the anti-pattern (vulnerable pattern to look for) and a suggested fix.

* '''Why I should be sponsored for the project''':

I used to head up the code review team as part of the application security group in fidelity investments and have 5+ years of the secure code review process.
I also was the lead of the Testing guide until V2 was published via the Autumn of Code.

I have always delivered any work I have volunteered for on time.

I have been involved in OWASP projects for 2/3 years now and have always been an active contributor.

== Paolo Perego - Owasp Orizon Project ==
* '''Executive Summary''':
Owasp Orizon [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project] Project born in 2006 as answer to the lack of common engine and library usable by opensource code review related tools.

I'm proposing that, during the Spring of Code 2007 period, I'll complete static analisys API and java source code enforment objects.

Sometimes a complete code review approach is not suitable for most customers who wants to harden their code which is being approaching release stage. For such a reason, I started writing Java objects that embeds most of the security checks against common web vulnerabilities (XSS, SQL injection, Session handling, ...) so that source code can be hardened with a small effort in terms of code rewriting.

I do believe that a common set of API and a common safe coding best practices library is one of the most important goals to bring application security to the developers.

* '''Objectives and Deliverables''':
Completing the static code review API section
* improving programming language to XML translator
* improving security best practices code review scan library
* improving secure coding fashion best practices library
* writing the pattern matching scan using the aformentioned libraries
Writing the java source code enforment objects
* writing an object to handle form data values to avoid XSS
* writing an object to handle form data values to avoid SQL Injection
* writing an object to handle HttpRequest and HttpSession objects

* '''Why I should be sponsored for the project''':
Owasp Orizon is the first Owasp project I'm involved in. I'm also contributor of Owasp Italian chapter managed by Matteo Meucci and I'm talking at various speeches about application security and safe coding best practices.

I'm a security consultant working in ethical hacking and we're approaching code review and safe topics right now.
I'm a developer too so I understand also the "dark side" of the problem developing code with security in mind.

I work using the "release early release often" paradigm so to be concrete and let other people having something usable to work with.

== SebastienDeleersnyder - OWASP Education Project ==
* '''Executive Summary''':
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.

* '''Objectives and Deliverables''':
Currently the project goals are to create Educational Tracks:
* Complete the [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past
* A "Web Application Security Primer" Track for beginners (4 hours)
* A "What developers should know on Web Application Security" Track for developers (4 hours)

* '''Why you should be sponsored for the project''':
I started the successful Belgian Chapter 3 years ago and have actively contributed to OWASP since then. I also co-organized the European conference last year in Belgium.

This is the first separate project that I started, originating from a local demand to set up educational tracks for people that are new to Web Application Security. There are literally hundreds of presentations and an enormous amount of information on the OWASP web site. The goal of this project is to restructure pieces of that information in reusable modules that can be combined in educational tracks. It is my believe that awareness is an important cornerstone of building secure web applications, and this project will actively support that.

If we are granted Spoc 007 participation, I will be sharing the budget with all active participants. This will be an extra motivation for project participation. I will reinvest my part in the project to set up a web conferencing / web casting solution to be used to disseminate the project results and make them available for later use.

* '''More details''':
The detailed [[OWASP Education Project Roadmap|road map]] can be found here.
The SpoC 007 goal is to finish Sub Goals 1, 2, 3 and 4. If time permits we can start with sub goal 5.

== Subere - OWASP JBroFuzz Project ==

==== Overview ====

JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. The purpose of this application is to provide a single, portable application that offers stable cross-platform network protocol fuzzing capabilities. At the same time, JBroFuzz attempts to keep the User Interface (UI) as intuitive as possible.

==== Fuzzing ====

As seen by the emphasis given on the subject of fuzzing in the 2007 Testing Guide (v2), network protocol fuzzing serves as a fundamental cornerstone of application security testing. For this, many different categories and types of fuzzing have been defined.

==== Objectives ====

JBroFuzz needs to expand and grow in order to cover network fuzzing in a more complete manner. Its modular implementation allows for the addtion of new functionality by means of independent tabs. The key tabs proposed to be added during the spring of code 2007 are (details in next section):

* '''Open Source Tab'''
* '''NTLM Brute Force over HTTP/S Tab'''
* '''Pure HTTP/S Fuzzing using HTTPClient'''
* '''Blind SQL Injection Fuzzing Tab'''

At the same time, the following existing tabs need to be updated and made more robust (details in next section):

* '''TCP Fuzzing tab allowing graph outputs'''
* '''TCP Sniffing tab update thread Agent Queue'''
* '''Update Generators file format'''
* '''Include SOAP and XML fuzzing'''

This expansion process relates to stabilising code that is presently included in JBroFuzz, thus allowing it to run for extensive periods of time (24h+) as well as adding more functionality in terms of the three new tabs.

==== Deliverables ====

Based on the above, the new code elements that will be added are as follows:

* '''Open Source Tab:''' ''Provide the ability to enumerate e-mails from newsgroups without breaching google automated search rules''
* '''NTLM Brute Force over HTTP/S Tab:''' ''Provide the ability to enumerate NTLM as well as brute over HTTP/S NTLM.''
* '''Pure HTTP/S Fuzzing:''' ''Implement a fuzzing tab utilising HTTPClient from Jakarta that will also allow for multi-threading''
* '''Blind SQL Fuzzing Tab''' ''Implement a tab that extracts information from a blind SQL injection point identified on web server over HTTP/HTTPS.''

For updating existing code elements that require a partial rewrite, the following areas of focus are presented in detail:

* '''TCP Fuzzing tab allowing graph outputs:''' ''Provide the ability to graph fuzzing results during a particular session run. This will give the ability to integrate and pickup potential fuzzing patterns.''
* '''TCP Sniffing tab update thread Agent Queue:''' ''Update the code of the sniffing panel in order to handle threaded agents in a more memory efficient way.''
* '''Update Generators file format:''' ''Update the generators file format to allow for the parsing and creation of recursive generators.''
* '''Include SOAP and XML fuzzing:''' ''Include an up to date list of SOAP and XML fuzzing templates.''

Overall, the above two lists of changes should provide sufficient complexity and output for the spring of code 2007, forming a challenging implementation project.

==== Background ====

In its short life, the OWASP JBroFuzz Project has attracted the interest of the online security community with a total of appr. 5000 downloads in the last months.

Coming from a strong java background (5+ years) I decided to implement and release JBroFuzz in order to initially simplify penetrations testing processes that relate to web application and network protocol fuzzing.

I see the spring of code 2007 as a unique opportunity to industrialise network protocol fuzzing (and in particular HTTP/S fuzzing) within a single application, residing within OWASP.

==== Why should JBroFuzz be sponsored? ====

Centralising fuzzing resources into one application that has the ability to handle network protocol fuzzing over HTTP and HTTPS in a simple and intuitive manner forms an area of focus that should not be dismissed in building secure software applications.

Keep the code platform independent adds a huge advantage.

Receving an OWASP grant from the spring of code 2007 will trigger a share in the budget with all active participants depending on their level of involvement. This will be a direct function of the number of tabs and/or user functionality that they have assisted in implementing.

== Joshua Perrymon - OWASP LiveCD Project ==
* '''Executive Summary''':
I am proposing that I complete the second version of the OWASP LiveCD during this period.
The first version of the LiveCD is now available and include many of the current OWASP documents and tools. I believe the LiveCD is one of the best mediums to promote OWASP tools and documentation. It is portable and already being used by thousands of security proffesionals to perform application testing and training.

In the current state the CD is stable and contains a lot of tools. However, this is just the beginning. There is a LOT of work that needs to be completed. The entire CD experience needs to be branded using OWASP graphics. This shouls start with the boot screen and carry all the way through to the icons and desktop graphics. The CD should also inlcude the wiki and ALL the tools developed for OWASP.

* '''Objectives and Deliverables''':

Update of the LiveCD:
*** Complete OWASP branding
*** Add OWASP wiki
** Add encryption capabilities
*** Add more OWASP tools
*** Add more pen-test tools such as;

*** VOIP, RFID, BlueTooth, Wireless, etc..

* '''Why I should be sponsored for the project''':

I had the idea of the LiveCD about a year ago and have worked very hard to get the first version developed. This was driven by my vision to make all of the OWASP tools available on a portable medium. The main difference in the OWASP liveCD vs. other live CDs is going to be the regularity of updates. If sponsorship can be obtained the CD could be updated on a monthly basis. Not once a year like other liveCDs. The CD will also include specialty tools and documentation to perform VOIP, RFID,Bluetooth, and wireless security assessments.

Category:OWASP Live CD Project

2007-01-23T02:07:19Z

Packetfocus: /* Download */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm having problems starting WebGoat v4 again for some reason. I had this working on several test builds- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==

The BETA version v.08 is now available to download. It can be found on the PacketFocus website http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso
The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.

== Features ==
LabRat v.08 *Current Beta Download

LiveCD Based on Morphix (www.morphix.org)
Runs completely in Memory

Tools:
WebGoat v4
WebScarab
Paros
JBroFuZZ
Cal9000
Nmap
TcpDump
WireShark

Docs:
OWASP Guide 2.0
OWASP Testing Guide

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-01-23T02:06:11Z

Packetfocus: /* Download */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm having problems starting WebGoat v4 again for some reason. I had this working on several test builds- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==

The BETA version v.08 is now available to download. It can be found on the PacketFocus website www.packetfocus.com/hackos

The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.

== Features ==
LabRat v.08 *Current Beta Download

LiveCD Based on Morphix (www.morphix.org)
Runs completely in Memory

Tools:
WebGoat v4
WebScarab
Paros
JBroFuZZ
Cal9000
Nmap
TcpDump
WireShark

Docs:
OWASP Guide 2.0
OWASP Testing Guide

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-01-23T02:04:00Z

Packetfocus: /* Features */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm having problems starting WebGoat v4 again for some reason. I had this working on several test builds- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==
Wait 'till its done......

== Features ==
LabRat v.08 *Current Beta Download

LiveCD Based on Morphix (www.morphix.org)
Runs completely in Memory

Tools:
WebGoat v4
WebScarab
Paros
JBroFuZZ
Cal9000
Nmap
TcpDump
WireShark

Docs:
OWASP Guide 2.0
OWASP Testing Guide

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-01-23T02:00:56Z

Packetfocus: /* Issues */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm having problems starting WebGoat v4 again for some reason. I had this working on several test builds- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==
Wait 'till its done......

== Features ==

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-01-23T01:59:10Z

Packetfocus: /* News */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm not having problems starting WebGoat v4 again for some reason. I had this working all weekend and on several versions I made yesterday- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==
Wait 'till its done......

== Features ==

== Future Development ==

== News ==

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Live CD Project

2007-01-23T01:57:46Z

Packetfocus: /* News */

== Overview ==
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.

== BETA Release of OWASP LiveCD ready for testing ==

OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)

==== Details ====
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.

==== Issues ====
The CD is stable but I'm not having problems starting WebGoat v4 again for some reason. I had this working all weekend and on several versions I made yesterday- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)

==== What's Next?====
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.

==== BETA TESTERS====
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is owasp-livecd@lists.owasp.org . I can also be contacted directly - livecd@packetfocus.com

==== Download====
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

This project was sponsored by OWASP Autumn of Code 2006.

== Download ==
Wait 'till its done......

== Features ==

== Future Development ==

== News ==

'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''

The Open Web Application Security Project is proud to announce the OWASP Live CD Project!

'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''

The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.

== Feedback and Participation: ==

We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

== Project Contributors ==

== Project Sponsor ==

Live CD sponsors:
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]

[[Category:OWASP Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Download]]

Category:OWASP Testing Project

2006-07-12T12:51:32Z

Packetfocus: /* Volunteers needed */

==News==
The first Draft of the new Testing Guide 2.0 shall be up soon.
Also contributors names shall be added once that is done.

==Overview==

This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.

== Contributors ==
Currently there are many people helping out when they can.
The Project lead is Eoin Keary. There are still lots of areas to be covered.
To contribute please email [mailto:eoin.keary@owasp.org Eoin]

==Volunteers needed==

'''Phase Two call for volunteers'''
Wed Mar 15 12:30:28 EST 2006

Work is underway on the 2nd phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch]

'''Graphics for Labrat ( Live Linux Distro )''' 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

==Testing Guide Download==
[[OWASP Testing Guide]]

==Downloads and Materials==

You can [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] project releases from the OWASP download center.

'''THE OWASP Testing Project Live CD'''
The OWASP testing project is currently implementing an Application security Live CD. 
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.

The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.

The Alpha version contains the following tools/documents:

Application:
*WebGoat
*WebScarab
*Cal9000
*Wikto/Nikto

Infrastructure:
*Nmap
*Hping2
*TCPDump
*Yersinia
*MetaSploit Framework
*Nessus

Misc:
*RFID Hacking Tools
*VOIP Hacking Tools
*OWASP Guide
*Footprinting and Information Gathering Tools

The CD is being created in conjunction with Josh Perrrymon at [http://www.packetfocus.com/ Packetfocus].

He can be contacted on:
[mailto:josh.perrymon@packetfocus.com Josh Perrymon]

Also you can contact myself on [mailto:eoin.keary@owasp.org Eoin Keary]
*If your interested in becoming a Beta tester contact Beta at [http://www.packetfocus.com/ Packetfocus].

==Newest Release==

December 13, 2004 - Phase One Released
We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:

* The scope of what to test
* Principles of testing
* Testing techniques explained
* The OWASP testing framework explained.

This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application

You can now [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] phase one from the OWASP download centre.

==Roadmap==

View the [[OWASP Testing Project Roadmap]]

==News==

'''OWASP Pen Test Checklist in Italian'''
Sun May 22 10:56:39 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion in[http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]

'''Checklist ver 1.17 in Spanish'''
Mon Apr 04 15:37:24 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]

==Project Contributors==

Contributors

==Feedback and Participation==

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.sourceforge.net/lists/listinfo/owasp-testing subscription page].

{{Template:Stub}}

[[Category:OWASP Project]]

Category:OWASP Testing Project

2006-07-12T12:50:07Z

Packetfocus: /* Volunteers needed */

==News==
The first Draft of the new Testing Guide 2.0 shall be up soon.
Also contributors names shall be added once that is done.

==Overview==

This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.

== Contributors ==
Currently there are many people helping out when they can.
The Project lead is Eoin Keary. There are still lots of areas to be covered.
To contribute please email [mailto:eoin.keary@owasp.org Eoin]

==Volunteers needed==

'''Phase Two call for volunteers'''
Wed Mar 15 12:30:28 EST 2006

Work is underway on the 2nd phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch]

'''Graphics for Labrat ( Live Linux Distro )'''
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
This would be a great project for University or even High School students to participate in the security community.
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....

==Testing Guide Download==
[[OWASP Testing Guide]]

==Downloads and Materials==

You can [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] project releases from the OWASP download center.

'''THE OWASP Testing Project Live CD'''
The OWASP testing project is currently implementing an Application security Live CD. 
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.

The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.

The Alpha version contains the following tools/documents:

Application:
*WebGoat
*WebScarab
*Cal9000
*Wikto/Nikto

Infrastructure:
*Nmap
*Hping2
*TCPDump
*Yersinia
*MetaSploit Framework
*Nessus

Misc:
*RFID Hacking Tools
*VOIP Hacking Tools
*OWASP Guide
*Footprinting and Information Gathering Tools

The CD is being created in conjunction with Josh Perrrymon at [http://www.packetfocus.com/ Packetfocus].

He can be contacted on:
[mailto:josh.perrymon@packetfocus.com Josh Perrymon]

Also you can contact myself on [mailto:eoin.keary@owasp.org Eoin Keary]
*If your interested in becoming a Beta tester contact Beta at [http://www.packetfocus.com/ Packetfocus].

==Newest Release==

December 13, 2004 - Phase One Released
We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:

* The scope of what to test
* Principles of testing
* Testing techniques explained
* The OWASP testing framework explained.

This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application

You can now [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] phase one from the OWASP download centre.

==Roadmap==

View the [[OWASP Testing Project Roadmap]]

==News==

'''OWASP Pen Test Checklist in Italian'''
Sun May 22 10:56:39 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion in[http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]

'''Checklist ver 1.17 in Spanish'''
Mon Apr 04 15:37:24 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]

==Project Contributors==

Contributors

==Feedback and Participation==

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.sourceforge.net/lists/listinfo/owasp-testing subscription page].

{{Template:Stub}}

[[Category:OWASP Project]]

Category:OWASP Testing Project

2006-07-12T12:40:45Z

Packetfocus: /* Downloads and Materials */

==News==
The first Draft of the new Testing Guide 2.0 shall be up soon.
Also contributors names shall be added once that is done.

==Overview==

This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.

== Contributors ==
Currently there are many people helping out when they can.
The Project lead is Eoin Keary. There are still lots of areas to be covered.
To contribute please email [mailto:eoin.keary@owasp.org Eoin]

==Volunteers needed==

'''Phase Two call for volunteers'''
Wed Mar 15 12:30:28 EST 2006

Work is underway on the 2nd phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch]

==Testing Guide Download==
[[OWASP Testing Guide]]

==Downloads and Materials==

You can [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] project releases from the OWASP download center.

'''THE OWASP Testing Project Live CD'''
The OWASP testing project is currently implementing an Application security Live CD. 
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.

The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.

The Alpha version contains the following tools/documents:

Application:
*WebGoat
*WebScarab
*Cal9000
*Wikto/Nikto

Infrastructure:
*Nmap
*Hping2
*TCPDump
*Yersinia
*MetaSploit Framework
*Nessus

Misc:
*RFID Hacking Tools
*VOIP Hacking Tools
*OWASP Guide
*Footprinting and Information Gathering Tools

The CD is being created in conjunction with Josh Perrrymon at [http://www.packetfocus.com/ Packetfocus].

He can be contacted on:
[mailto:josh.perrymon@packetfocus.com Josh Perrymon]

Also you can contact myself on [mailto:eoin.keary@owasp.org Eoin Keary]
*If your interested in becoming a Beta tester contact Beta at [http://www.packetfocus.com/ Packetfocus].

==Newest Release==

December 13, 2004 - Phase One Released
We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:

* The scope of what to test
* Principles of testing
* Testing techniques explained
* The OWASP testing framework explained.

This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application

You can now [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] phase one from the OWASP download centre.

==Roadmap==

View the [[OWASP Testing Project Roadmap]]

==News==

'''OWASP Pen Test Checklist in Italian'''
Sun May 22 10:56:39 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion in[http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]

'''Checklist ver 1.17 in Spanish'''
Mon Apr 04 15:37:24 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]

==Project Contributors==

Contributors

==Feedback and Participation==

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.sourceforge.net/lists/listinfo/owasp-testing subscription page].

{{Template:Stub}}

[[Category:OWASP Project]]

Category:OWASP Testing Project

2006-07-12T12:39:18Z

Packetfocus: /* Downloads and Materials */

==News==
The first Draft of the new Testing Guide 2.0 shall be up soon.
Also contributors names shall be added once that is done.

==Overview==

This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.

== Contributors ==
Currently there are many people helping out when they can.
The Project lead is Eoin Keary. There are still lots of areas to be covered.
To contribute please email [mailto:eoin.keary@owasp.org Eoin]

==Volunteers needed==

'''Phase Two call for volunteers'''
Wed Mar 15 12:30:28 EST 2006

Work is underway on the 2nd phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch]

==Testing Guide Download==
[[OWASP Testing Guide]]

==Downloads and Materials==

You can [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] project releases from the OWASP download center.

'''THE OWASP Testing Project Live CD'''
The OWASP testing project is currently implementing an Application security Live CD. 
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.

The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.

The Alpha version contains the following tools/documents:

Application:
WebGoat
WebScarab
Cal9000

Infrastructure:
Nmap
Hping2
TCPDump
Yersinia
MetaSploit Framework

Misc:
RFID Hacking Tools
VOIP Hacking Tools
OWASP Guide

The CD is being created in conjunction with Josh Perrrymon at [http://www.packetfocus.com/ Packetfocus].

He can be contacted on:
[mailto:josh.perrymon@packetfocus.com Josh Perrymon]

Also you can contact myself on [mailto:eoin.keary@owasp.org Eoin Keary]
*If your interested in becoming a Beta tester contact Beta at [http://www.packetfocus.com/ Packetfocus].

==Newest Release==

December 13, 2004 - Phase One Released
We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:

* The scope of what to test
* Principles of testing
* Testing techniques explained
* The OWASP testing framework explained.

This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application

You can now [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] phase one from the OWASP download centre.

==Roadmap==

View the [[OWASP Testing Project Roadmap]]

==News==

'''OWASP Pen Test Checklist in Italian'''
Sun May 22 10:56:39 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion in[http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]

'''Checklist ver 1.17 in Spanish'''
Mon Apr 04 15:37:24 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]

==Project Contributors==

Contributors

==Feedback and Participation==

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.sourceforge.net/lists/listinfo/owasp-testing subscription page].

{{Template:Stub}}

[[Category:OWASP Project]]

Category:OWASP Testing Project

2006-07-12T12:34:08Z

Packetfocus: /* Downloads and Materials */

==News==
The first Draft of the new Testing Guide 2.0 shall be up soon.
Also contributors names shall be added once that is done.

==Overview==

This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.

== Contributors ==
Currently there are many people helping out when they can.
The Project lead is Eoin Keary. There are still lots of areas to be covered.
To contribute please email [mailto:eoin.keary@owasp.org Eoin]

==Volunteers needed==

'''Phase Two call for volunteers'''
Wed Mar 15 12:30:28 EST 2006

Work is underway on the 2nd phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch]

==Testing Guide Download==
[[OWASP Testing Guide]]

==Downloads and Materials==

You can [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] project releases from the OWASP download center.

'''THE OWASP Testing Project Live CD'''
The OWASP testing project is currently implementing an Application security Live CD.
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.

The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.

The Alpha version contains the following tools/documents:

Application:
WebGoat
WebScarab
Cal9000

Infrastructure:
Nmap
Hping2
TCPDump
Yersinia
MetaSploit Framework

Misc:
RFID Hacking Tools
VOIP Hacking Tools
OWASP Guide

The CD is being created in conjunction with Josh Perrrymon at [http://www.packetfocus.com/ Packetfocus].

He can be contacted on:
[mailto:josh.perrymon@packetfocus.com Josh Perrymon]

Also you can contact myself on [mailto:eoin.keary@owasp.org Eoin Keary]
*If your interested in becoming a Beta tester contact Beta at [http://www.packetfocus.com/ Packetfocus].

==Newest Release==

December 13, 2004 - Phase One Released
We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:

* The scope of what to test
* Principles of testing
* Testing techniques explained
* The OWASP testing framework explained.

This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application

You can now [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285 download] phase one from the OWASP download centre.

==Roadmap==

View the [[OWASP Testing Project Roadmap]]

==News==

'''OWASP Pen Test Checklist in Italian'''
Sun May 22 10:56:39 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion in[http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]

'''Checklist ver 1.17 in Spanish'''
Mon Apr 04 15:37:24 EDT 2005
I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]

==Project Contributors==

Contributors

==Feedback and Participation==

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.sourceforge.net/lists/listinfo/owasp-testing subscription page].

{{Template:Stub}}

[[Category:OWASP Project]]