OWASP - User contributions [en]

User:Swaroopsy

2017-05-05T09:05:07Z

Swaroopyermalkar:

Swaroop Yermalkar works as a Senior Security Engineer at Philips and his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android, iOS applications.

He is OWASP iGoat Project leader (<nowiki>https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project</nowiki>) and also author of popular iOS security book ‘Learning iOS Penetration Testing’, Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.

User:Add the OWASP wiki account username here.

2017-04-29T03:26:50Z

Swaroopyermalkar: Created page with "Swaroop Yermalkar"

Swaroop Yermalkar

OWASP iGoat Tool Project

2017-03-29T17:42:25Z

Swaroopyermalkar: /* Licensing */

OWASP iGoat Tool Project

2017-03-29T17:40:38Z

Swaroopyermalkar: /* Licensing */

OWASP iGoat Tool Project

2017-03-29T16:24:54Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T16:24:16Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T16:23:25Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T16:22:08Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T16:07:46Z

Swaroopyermalkar:

File:IGoat SQL Injection Vulnerability.jpg

2017-03-29T16:06:26Z

Swaroopyermalkar:

Screenshot of iGoat iOS App

OWASP iGoat Tool Project

2017-03-29T15:51:08Z

Swaroopyermalkar: removed red text.

File:IGoat List of Exercises.jpg

2017-03-29T15:37:24Z

Swaroopyermalkar:

List of vulnerabilities.

OWASP iGoat Tool Project

2017-03-29T15:30:20Z

Swaroopyermalkar:

OWASP Zezengorri Code Project

2017-03-29T15:27:51Z

Swaroopyermalkar:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |


Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.


==OWASP Code Library Project==

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.


The OWASP Code Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

That is Zezengorri a library to allows you to add security in the development IDE from the day one, of the moment you decide implementation security development to the project, starting in design phase of old and new projects, detecting the vulnerabilities of the web server, the computer and the programming language before starting the development on in parallel with the SDLC.

The initial idea is to deliver through the composer a package for PHP programming language solutions that use any of this framework: Laravel, Symphony and Code Integer. If this version for PHP

==Description==

This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.


When developers, team leaders or project managers add security to a web application, the first thing that comes up is the question of which technologies are handled in my web project, what operating system the web server supports, what version of server or what version of the database the application uses, for this Owasp define the threat modeling (knowing what we have).

This project Zezengorri for PHP is a downloadable package that adheres to the root of the Lavarel, Symphony, Code Integer projects, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if the site uses or not HSTS, the versions of Chipset active, the use of SSL certificate among other securities characteristics important measure in the moment of S-SDLC . Each of these item is display in a new webpage in a list of item any show if is active or not, the version of the plugin and a weblink. That links redirect to the CVE page and the CVE score of this item.
The Code Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Code project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Code Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.


[https://github.com/SamanthaGroves Compiled DLLs]

[https://github.com/SamanthaGroves Source Code]

[https://github.com/SamanthaGroves Documentation]

[https://github.com/SamanthaGroves Wiki Home Page]

[https://github.com/SamanthaGroves Issue Tracker]

[https://github.com/SamanthaGroves Slide Presentation]

[https://github.com/SamanthaGroves Video]

== Project Leader ==

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.


Project leader's name:Gustavo Nieves Arreaza

== Related Projects ==

This is where you can link to other OWASP Projects that are similar to yours.


* [[OWASP_Code_Tool_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

|}

=FAQs=


Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =
==Volunteers==



The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.


The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] who created the OWASP Cornucopia project that the template was derived from
* [https://www.owasp.org/index.php/User:Chuck_Cooper Chuck Cooper] who edited the template to convert it from a documentation project to a Code Project Template
* '''YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES'''

= Road Map and Getting Involved =



A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.


Planned feature enhancement
• Create the class to enable integration with the Code Integer framework
• Add to this application more and more items related to website security

Commercial Roadmap:

-Publish the Code Library Repository
-Promote the Code Library on our website: www.seguridadaplicativos.com
-Present the applications in conferences of Owasp.
-Present the application in regional Startup´.
-Rise money for regional Startup

Miles tones:

-In the project development phase

• The amount of security information that we collect from the components that support the website

-In the production phase
• The number of downloads from the code library

Essential conditions:

-In the Technical area:

• That there are still we found security holes in web applications.
• That still PHP remains how the most used programming language for web development
The development team work separately of the support system team, when the develop a web site or app

-Commercial:
• Awareness that security IT must be worked from the development IDE
• Businesses and programmers start investing in software to secure their applications.

Technical Roadmap:

Items Time Tasks State of progress
-Code Library development 1 weak Finish
-Collate information of machine 2 months In progress
web server and others
-Presents data collated 2 weaks In progress
-Search in Web CVE 1 month No started
-Functionality to import Data 2 weeks No started

==Roadmap==
As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Code Project Template
* Get other people to review the Code Project Template and provide feedback
* Incorporate feedback into changes in the Code Project Template
* Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
Involvement in the development and promotion of Code Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the Code Project Template into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Code_Project_Template Code Project Template project mailing list] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Minimal Viable Product=

This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.


The Code Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=


This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


{{:Projects/OWASP_Example_Project_About_Page}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP Zezengorri Code Project

2017-03-29T15:26:56Z

Swaroopyermalkar:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |


Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.


==OWASP Code Library Project==

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.


The OWASP Code Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

That is Zezengorri a library to allows you to add security in the development IDE from the day one, of the moment you decide implementation security development to the project, starting in design phase of old and new projects, detecting the vulnerabilities of the web server, the computer and the programming language before starting the development on in parallel with the SDLC.

The initial idea is to deliver through the composer a package for PHP programming language solutions that use any of this framework: Laravel, Symphony and Code Integer. If this version for PHP

==Description==

This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.


When developers, team leaders or project managers add security to a web application, the first thing that comes up is the question of which technologies are handled in my web project, what operating system the web server supports, what version of server or what version of the database the application uses, for this Owasp define the threat modeling (knowing what we have).

This project Zezengorri for PHP is a downloadable package that adheres to the root of the Lavarel, Symphony, Code Integer projects, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if the site uses or not HSTS, the versions of Chipset active, the use of SSL certificate among other securities characteristics important measure in the moment of S-SDLC . Each of these item is display in a new webpage in a list of item any show if is active or not, the version of the plugin and a weblink. That links redirect to the CVE page and the CVE score of this item.
The Code Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Code project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Code Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.


[https://github.com/SamanthaGroves Compiled DLLs]

[https://github.com/SamanthaGroves Source Code]

[https://github.com/SamanthaGroves Documentation]

[https://github.com/SamanthaGroves Wiki Home Page]

[https://github.com/SamanthaGroves Issue Tracker]

[https://github.com/SamanthaGroves Slide Presentation]

[https://github.com/SamanthaGroves Video]

== Project Leader ==

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.


Project leader's name:Gustavo Nieves Arreaza

== Related Projects ==

This is where you can link to other OWASP Projects that are similar to yours.


* [[OWASP_Code_Tool_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

|}

=FAQs=


Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =
==Volunteers==



The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.


The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] who created the OWASP Cornucopia project that the template was derived from
* [https://www.owasp.org/index.php/User:Chuck_Cooper Chuck Cooper] who edited the template to convert it from a documentation project to a Code Project Template
* '''YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES'''

= Road Map and Getting Involved =



A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.


Planned feature enhancement
• Create the class to enable integration with the Code Integer framework
• Add to this application more and more items related to website security

Commercial Roadmap:

-Publish the Code Library Repository
-Promote the Code Library on our website: www.seguridadaplicativos.com
-Present the applications in conferences of Owasp.
-Present the application in regional Startup´.
-Rise money for regional Startup

Miles tones:

-In the project development phase

• The amount of security information that we collect from the components that support the website

-In the production phase
• The number of downloads from the code library

Essential conditions:

-In the Technical area:

• That there are still we found security holes in web applications.
• That still PHP remains how the most used programming language for web development
The development team work separately of the support system team, when the develop a web site or app

-Commercial:
• Awareness that security IT must be worked from the development IDE
• Businesses and programmers start investing in software to secure their applications.

Technical Roadmap:

Items Time Tasks State of progress
-Code Library development 1 weak Finish
-Collate information of machine 2 months In progress
web server and others
-Presents data collated 2 weaks In progress
-Search in Web CVE 1 month No started
-Functionality to import Data 2 weeks No started

==Roadmap==
As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Code Project Template
* Get other people to review the Code Project Template and provide feedback
* Incorporate feedback into changes in the Code Project Template
* Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
Involvement in the development and promotion of Code Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the Code Project Template into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Code_Project_Template Code Project Template project mailing list] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Screenshots=

This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.


The Code Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=


This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


{{:Projects/OWASP_Example_Project_About_Page}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

Projects/iGoat/Releases/Last Reviewed Release

2017-03-29T15:11:24Z

Swaroopyermalkar: Created page with "2.4"

2.4

Projects/iGoat/Releases/Current

2017-03-29T15:10:50Z

Swaroopyermalkar: Created page with "2.4"

2.4

OWASP iGoat Tool Project

2017-03-29T10:05:54Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T10:03:50Z

Swaroopyermalkar: /* If I am not a programmer can I participate in your project? */

OWASP iGoat Tool Project

2017-03-29T10:03:02Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T10:02:17Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T10:01:05Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:59:45Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:59:07Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:58:34Z

Swaroopyermalkar: /* Feedback */

OWASP iGoat Tool Project

2017-03-29T09:57:24Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:55:24Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:49:39Z

Swaroopyermalkar: /* How can I participate in your project? */

OWASP iGoat Tool Project

2017-03-29T09:44:08Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:43:24Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:39:52Z

Swaroopyermalkar: small changes

OWASP iGoat Tool Project

2017-03-29T09:32:28Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:31:19Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:30:13Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:29:19Z

Swaroopyermalkar:

OWASP iGoat Tool Project

2017-03-29T09:27:55Z

Swaroopyermalkar: updated roadmap

OWASP iGoat Tool Project

2017-03-22T09:21:55Z

Swaroopyermalkar:

Projects/OWASP Example Project About Page

2017-03-22T09:18:44Z

Swaroopyermalkar:

{{Template:Project About
| project_name =iGoat
| project_description =iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.
| project_license =iGoat is free software, released under the GPLv3 license.
| leader_name1 = Swaroop Yermalkar
| leader_email1 = Place leader's OWASP email here.
| leader_username1 = Add the OWASP wiki account username here.
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-igoat-project
}}

Projects/OWASP Example Project About Page

2017-03-22T09:15:12Z

Swaroopyermalkar:

{{Template:Project About
| project_name =iGoat
| project_description =iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.
| project_license =iGoat is free software, released under the GPLv3 license.
| leader_name1 = Swaroop Yermalkar
| leader_email1 = Place leader's OWASP email here.
| leader_username1 = Add the OWASP wiki account username here.
| mailing_list_name = This is the full link to the mailing list (e.g. https://lists.owasp.org/mailman/listinfo/owasp-example-project)
}}

Projects/OWASP Example Project About Page

2017-03-22T09:09:52Z

Swaroopyermalkar:

{{Template:Project About
| project_name =Place your project name here.
| project_description =Project description goes here. Make sure to add a description that outlines how this project advances software security.
| project_license =Place your license choice here: [https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project OWASP Recommended Licenses]
| leader_name1 = Swaroop Yermalkar
| leader_email1 = Place leader's OWASP email here.
| leader_username1 = Add the OWASP wiki account username here.
| mailing_list_name = This is the full link to the mailing list (e.g. https://lists.owasp.org/mailman/listinfo/owasp-example-project)
}}

OWASP iGoat Tool Project

2017-03-22T08:55:57Z

Swaroopyermalkar: changed title

OWASP iGoat Tool Project

2017-03-22T08:54:25Z

Swaroopyermalkar: Added few details as licensing, related project etc.

OWASP iGoat Tool Project

2017-03-22T06:44:53Z

Swaroopyermalkar: Added iGoat project overview.

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Tool Project Template==
iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:
# Brief introduction to the problem.
# Verify the problem by exploiting it.
# Brief description of available remediations to the problem.
# Fix the problem by correcting and rebuilding the iGoat program.
Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

iGoat can be downloaded here: https://github.com/owasp/igoat

==Description==
iGoat has been designed and built to be a foundation on which to build a series of iOS security lessons. The initial iGoat release will include a handful of lessons to work through, but one of the aims of the project is to build a community of developers to help build out additional lessons over time -- much as WebGoat has before it.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/SamanthaGroves Installation Package]

[https://github.com/owasp/igoat Source Code]

[https://github.com/SamanthaGroves What's New (Revision History)]

[https://github.com/SamanthaGroves Documentation]

[https://github.com/SamanthaGroves Wiki Home Page]

[https://github.com/SamanthaGroves Issue Tracker]

[https://www.owasp.org/images/3/30/Igoat_preso.ppt Slide Presentation]

[https://github.com/SamanthaGroves Video]

== Project Leader ==

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.


Project leader's name

== Related Projects ==

This is where you can link to other OWASP Projects that are similar to yours.

* [[OWASP_Code_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

* [12 Feb 2013] Support for Spanish is now available with this release.
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

|}

=FAQs=



Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==



The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.


The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] who created the OWASP Cornucopia project that the template was derived from
* [https://www.owasp.org/index.php/User:Chuck_Cooper Chuck Cooper] who edited the template to convert it from a documentation project to a Tool Project Template
* '''YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES'''

= Road Map and Getting Involved =



A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.


==Roadmap==
As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Tool Project Template
* Get other people to review the Tool Project Template and provide feedback
* Incorporate feedback into changes in the Tool Project Template
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
Involvement in the development and promotion of Tool Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the Tool Project Template into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Minimum Viable Product=


This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.


The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=
Addtional Instructions for making changes:

The About 'tab' on that page is done with a MediaWiki template. If you log into the wiki page for your project and click the "Edit" button/link/tab in the top-right between 'Read' and 'View History', you'll see the edit page for the main body of your project page.

If you scroll down below the form to edit that page (below the "Save page", "Show preview", "Show changes" buttons, you'll see some text with a triangle in front of it reading "Templates used on this page:" A list will expand if you click on the triangle/text to show the templates that make up this page. The one you want is the "Projects/OWASP Example Project About Page" - click the (edit) next to this to edit that template. The direct link is: https://www.owasp.org/index.php?title=Projects/OWASP_Example_Project_About_Page&action=edit

The template takes 'input' that are key/value pairs where you'll need to edit the stuff after the equals (=) like:
project_name =Place your project name here.

You'd edit the bold bit.



This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


{{:Projects/OWASP_Example_Project_About_Page}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP iGoat Project

2017-03-16T02:30:26Z

Swaroopyermalkar: updated page with Github link.

= Main =

<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>

^^^ Rest assured the iGoat project is NOT inactive. We're merely finding it a new home on Github after its home on Google Code went away. Sorry for the inconvenience, but we most assuredly are working on a new release.

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

# Brief introduction to the problem.
# Verify the problem by exploiting it.
# Brief description of available remediations to the problem.
# Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

NOTE: Please bear with us as we move this project over to Github. In the meantime, the current version is 2.3, and it can be downloaded here: https://github.com/owasp/igoat

= Framework =

iGoat has been designed and built to be a foundation on which to build a series of iOS security lessons. The initial iGoat release will include a handful of lessons to work through, but one of the aims of the project is to build a community of developers to help build out additional lessons over time -- much as WebGoat has before it.

Interested contributors are encouraged to contact the project leader (Ken van Wyk, ken@krvw.com) to find out how they can contribute to future releases of iGoat.

= Status =

The iGoat project was launched in May 2011. Version 2.3 was released on 20 November 2014. Source repository and download site:

https://github.com/owasp/igoat

= Project About =

{{:Projects/OWASP iGoat Project | Project About}}

 
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project|iGoat Project]]
[[Category:OWASP_Tool]]
[[Category:OWASP_Alpha_Quality_Tool]]

Projects/OWASP iGoat Project

2017-03-15T17:46:20Z

Swaroopyermalkar: I just updated project download links with Github url's.

<nowiki>{{Template:</nowiki><includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>

| project_name =OWASP iGoat Project

| project_home_page =OWASP iGoat Project

| project_description =The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project in particular the developer edition of WebGoat.

Similar to WebGoat (developer), the user is presented with a series of lessons surrounding numerous vulnerabilities associated with iOS apps. The student exploits each vulnerability to validate its existence, and then he implements a remediation in the lesson's source code.

Further, iGoat is designed and implemented modularly, similar conceptually to WebGoat's modular Java EE servlet model. It is intended to provide a foundational framework to build lessons on top of, starting with a core set of lessons provided in the first release.

iGoat can be downloaded here: https://github.com/owasp/igoat

| project_license =[http://www.gnu.org/licenses/gpl-3.0.html GPL v3]

| leader_name1 =Swaroop Yermalkar
| leader_email1 =swaroop.sy@gmail.com
| leader_username1 =

| leader_name[2-10] =
| leader_email[2-10] =
| leader_username[2-10] =

| contributor_name1 =Jonathan Carter
| contributor_email1 =jonathan.carter@owasp.org
| contributor_username1 =

| contributor_name[2-10] =
| contributor_email[2-10] =
| contributor_username[2-10] =

| pamphlet_link =
| presentation_link =
| mailing_list_name =https://lists.owasp.org/mailman/listinfo/owasp-igoat-project
| project_road_map =https://www.owasp.org/index.php/OWASP_iGoat_Project/Roadmap
| links_url[1-10] =
| links_name[1-10] =

| release_1 =iGoat v1.1
| release_2 =iGoat v2.0
| release_3 =iGoat v2.1
| release_4 =iGoat v2.3


<nowiki>| project_about_page =Projects/OWASP_iGoat_Project
}}</nowiki>

OWASP iGoat Project

2017-03-15T17:39:20Z

Swaroopyermalkar: Just updated latest iGoat report.

= Main =

<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>

^^^ Rest assured the iGoat project is NOT inactive. We're merely finding it a new home on Github after its home on Google Code went away. Sorry for the inconvenience, but we most assuredly are working on a new release.

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

# Brief introduction to the problem.
# Verify the problem by exploiting it.
# Brief description of available remediations to the problem.
# Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

NOTE: Please bear with us as we move this project over to Github. In the meantime, the current version is 2.3, and it can be downloaded here: https://drive.google.com/folderview?id=0B4JD0hBwn1-uZmJXU0pfdEUtdlE&usp=sharing

= Framework =

iGoat has been designed and built to be a foundation on which to build a series of iOS security lessons. The initial iGoat release will include a handful of lessons to work through, but one of the aims of the project is to build a community of developers to help build out additional lessons over time -- much as WebGoat has before it.

Interested contributors are encouraged to contact the project leader (Ken van Wyk, ken@krvw.com) to find out how they can contribute to future releases of iGoat.

= Status =

The iGoat project was launched in May 2011. Version 2.3 was released on 20 November 2014. Source repository and download site:

https://github.com/owasp/igoat

= Project About =

{{:Projects/OWASP iGoat Project | Project About}}

 
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project|iGoat Project]]
[[Category:OWASP_Tool]]
[[Category:OWASP_Alpha_Quality_Tool]]