https://wiki.owasp.org/api.php?action=feedcontributions&user=Hassan+Radwan&feedformat=atomOWASP - User contributions [en]2024-03-28T21:53:57ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=197257OWASP Code Pulse Project2015-07-09T17:27:08Z<p>Hassan Radwan: Updating the news for version 1.1.3</p>
<hr />
<div>=Main=<br />
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop applications, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Download Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">9 July 2015</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.3 Version 1.1.3 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">26 Feb 2015</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.2 Version 1.1.2 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
* [[OWASP Dependency Check]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Performance improvements<br />
- Block level coverage instead of the current method level support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- ZAP integration<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=190360OWASP Code Pulse Project2015-02-27T03:42:02Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop applications, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Download Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">26 Feb 2015</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.2 Version 1.1.2 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
* [[OWASP Dependency Check]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Performance improvements<br />
- Block level coverage instead of the current method level support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- ZAP integration<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=189882OWASP Code Pulse Project2015-02-18T15:53:31Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop applications, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Download Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
* [[OWASP Dependency Check]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Performance improvements<br />
- Block level coverage instead of the current method level support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- ZAP integration<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=176246OWASP Code Pulse Project2014-06-02T13:04:18Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Download Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
* [[OWASP Dependency Check]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Performance improvements<br />
- Block level coverage instead of the current method level support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- ZAP integration<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=176074OWASP Code Pulse Project2014-05-29T21:49:49Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
* [[OWASP Dependency Check]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then we've pushed out version 1.1 to tweak address a number of usability issues and integrate with [[OWASP Dependency Check]].<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Performance improvements<br />
- Block level coverage instead of the current method level support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- ZAP integration<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=176073OWASP Code Pulse Project2014-05-29T21:44:44Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">28 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.1.1 Version 1.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=175187OWASP Code Pulse Project2014-05-16T22:22:51Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">14 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/v1.0.1 Version 1.0.1 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174585OWASP Code Pulse Project2014-05-09T12:15:05Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174584OWASP Code Pulse Project2014-05-09T12:14:49Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
==How it works==<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
==Why Code Pulse?==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Zed Attack Proxy Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Java_Project&diff=174556Category:OWASP Java Project2014-05-08T23:14:37Z<p>Hassan Radwan: </p>
<hr />
<div>==== Main ====<br />
<br />
The OWASP Java Project's goal is to enable Java and J2EE developers to build secure applications efficiently. See the [http://www.owasp.org/index.php/OWASP_Java_Project#tab=Roadmap OWASP Java Project Roadmap] for more information on our plans.<br />
<br />
==Java Security Overview==<br />
<br />
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer Overflow|buffer overflow]] and related issues that do not apply to Java applications.<br />
<br />
There is a wealth of information about vulnerabilities that apply to Java and JavaEE application in the [[:Category:Vulnerability|Vulnerability]] articles here at OWASP. The articles that have specific Java examples are tagged with the [[:Category:Java|Java category]].<br />
<br />
The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure Java applications. We cover the following topics:<br />
<br />
; [[OWASP Java Table of Contents#J2EE Security for Architects | J2EE Security for Architects]]<br />
: Provides information about the design and architectural considerations for a Java web application. Common architectures such as EJB, Web Services and Spring Middle tiers are discussed.<br />
<br />
; [[OWASP Java Table of Contents#J2EE Security for Developers | J2EE Security for Developers]]<br />
: These articles cover dangerous Java calls and common vulnerabilities associated with them, such as Runtime.exec(), Statement.execute(), readline(), etc... The dangers of native code, dynamic code, and reflection will be discussed. We'll also talk about using tools like PMD, jlint, FindBugs, Eclipse, jad, and more. This section will also cover standard security mechanisms in the JDK, such as cryptography, logging, encryption, error handling. Securing elements of an application, such as servlets, JSPs, controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more. We'll also discuss the use of security mechanisms such as log4j, BouncyCastle, XML encryption, XML signature, and other technologies.<br />
<br />
; [[OWASP Java Table of Contents#J2EE Security For Deployers| J2EE Security for Deployers]]<br />
: These articles cover topics specifically related to the J2EE environment. We discuss minimizing the attack surface in web.xml, configuring error handlers, and performing hardening of popular J2EE application servers.<br />
<br />
; [[OWASP Java Table of Contents#J2EE Security for Security Analysts and Testers| J2EE Security for Security Analysts and Testers]]<br />
: These articles cover the verification, analysis, and testing of the security of J2EE applications. This section will cover using tools to find vulnerabilities, both in source code and in running applications. These articles will focus on J2EE-specific aspects of testing applications that use various common J2EE frameworks and coding patterns.<br />
<br />
==== Related OWASP Projects ====<br />
<br />
;[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]] <br />
:a free and open collection of all the security methods that a developer needs to build a secure web application.<br />
<br />
;[[:Category:OWASP Guide Project|OWASP Development Guide]] <br />
:a massive document covering all aspects of web application and web service security<br />
<br />
;[[:Category:OWASP AntiSamy Project|OWASP AntiSamy Java Project]] <br />
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks<br />
<br />
;[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]] <br />
:this document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle.<br />
<br />
;[[:Category:OWASP Code Review Project|OWASP Code Review Guide]] <br />
:a project to capture best practices for reviewing code.<br />
<br />
;[[:Category:OWASP CSRFGuard Project|OWASP CSRFGuard Project]] <br />
:a J2EE filter that implements a unique request token to mitigate CSRF attacks<br />
<br />
;[[OWASP Code Pulse Project|OWASP Code Pulse]] <br />
:a real-time code coverage tool of penetration testing activities<br />
<br />
<br />
==== Resources ====<br />
<tbd><br />
<br />
==== Roadmap ====<br />
The OWASP Java Project's overall goal is to...<br />
<br />
build and maintain a central landing page on the Web for all Java users (developers, architects & co.) interested in Web security<br />
<br />
and to<br />
<br />
produce materials that show J2EE architects, developers, and<br />
deployers how to deal with most common application security<br />
problems throughout the lifecycle.<br />
<br />
In the near term, we are focused on the following tactical goals:<br />
<br />
# Restructure the existing content<br />
# Align the page with other Java-related OWASP projects like ESAPI, Webgoat, ASVS (including a new chapter: "OWASP J2EE Related Projects")<br />
# Priorize work on missing content<br />
# Implement a J2EE/Java EE Secure Coding Guideline based on ESAPI, ASVS and/or the Quick Reference Guide.<br />
# Set-up a comparision of security aspects of web frameworks such like struts2, spring mvc, jsf, gwt, etc.<br />
# Set-up a comparision of security aspects of templating technologies such as jsp, velocity, tiles, etc.<br />
# Provide examples of how to prevent comman attacks like XSS in popular web frameworks<br />
# A practical guide to implementing a security policy for a Java web application<br />
# Provide secure configuration guides for popular application servers<br />
# Provide an OWASP Java Top 10<br />
<br />
==Current Tasks==<br />
* Call for volunteers - Join the [http://lists.owasp.org/mailman/listinfo/java-project mailing list], read the [[Tutorial]], check the [[OWASP Java Table of Contents]] and get started!<br />
* Review of current articles<br />
See the [[OWASP Java Table of Contents]] for details of individual article status <br />
<br />
==Ideas==<br />
<br />
Please submit your high level ideas about the direction of the OWASP Java Project here (you can sign your ideas by adding four tilde characters like this <nowiki>~~~~</nowiki>)<br />
* To add specific articles, visit the [[OWASP Java Table of Contents]]<br />
<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP Java Project | Project About}}<br />
<br />
__NOTOC__<br />
<headertabs/><br />
<br />
==Joining the Project==<br />
<br />
Mirko Richter is the project lead. The project's high level roadmap can be found at the Roadmap tab.<br />
* Please submit your ideas for individual articles to the [[Java Project Article Wishlist]].<br />
* If you'd like to contribute:<br />
# visit the [[Tutorial]], <br />
# join the [http://lists.owasp.org/mailman/listinfo/java-project mailing list] <br />
# and pick a topic from the [[OWASP Java Table of Contents]], or suggest a new topic.<br><br />
Remember to add the tag: <nowiki>[[Category:OWASP Java Project]]</nowiki> to the end of new articles so that they're properly categorised.<br />
<br />
[[Category:OWASP_Project| Java Project ]]<br />
[[Category:OWASP Document]]<br />
[[Category:OWASP Download]]<br />
[[Category:Language]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174318OWASP Code Pulse Project2014-05-05T19:53:05Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Donload Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174258OWASP Code Pulse Project2014-05-05T14:18:50Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project OWASP project email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174257OWASP Code Pulse Project2014-05-05T14:17:33Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Contact Us ==<br />
* [https://twitter.com/secdec @secdec]<br />
* [mailto:codepulse@securedecisions.com Email us]<br />
* [https://github.com/secdec/codepulse/issues Create an issue]<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174256OWASP Code Pulse Project2014-05-05T14:14:18Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, was released May 2nd 2014.<br />
<br />
Our next planned release is version 1.1. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=174255OWASP Code Pulse Project2014-05-05T14:09:31Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==About Code Pulse==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Links ==<br />
* [http://code-pulse.com Code Pulse Website]<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
* [https://github.com/secdec/codepulse/wiki Documentation]<br />
* [https://github.com/secdec/codepulse Github Project Page]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">2 May 2014</span> [https://github.com/secdec/codepulse/releases/tag/1.0.0 Version 1.0 is out!]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
= Sponsors =<br />
<br />
Code Pulse is maintained and developed by [http://securedecisions.com Secure Decisions].<br />
<br />
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract number FA8750-12-C-0219. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=File:Codepulse-screenshot.png&diff=174254File:Codepulse-screenshot.png2014-05-05T13:11:48Z<p>Hassan Radwan: Hassan Radwan uploaded a new version of &quot;File:Codepulse-screenshot.png&quot;</p>
<hr />
<div></div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173447OWASP Code Pulse Project2014-04-25T12:43:12Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173446OWASP Code Pulse Project2014-04-25T12:42:09Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173314OWASP Code Pulse Project2014-04-23T14:38:17Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
Visit the [https://github.com/secdec/codepulse Code Pulse GitHub project page] to see the source.<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173311OWASP Code Pulse Project2014-04-23T14:35:57Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173310OWASP Code Pulse Project2014-04-23T14:34:24Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
[[File:Codepulse-screenshot.png|600px|link=]]<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
<br />
==Volunteers==<br />
OWASP Code Pulse is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* xxx<br />
* xxx<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=File:Codepulse-screenshot.png&diff=173307File:Codepulse-screenshot.png2014-04-23T14:30:21Z<p>Hassan Radwan: </p>
<hr />
<div></div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=173306OWASP Code Pulse Project2014-04-23T14:21:47Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== News and Events ==<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">21 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.1-beta Beta version 0.9.1 is out]<br />
* <span style="background: #66CCFF; font-size:85%;padding:2px;">15 Apr 2014</span> [https://github.com/secdec/codepulse/releases/tag/v0.9.0-beta Beta version 0.9.0 is out]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
<br />
==Volunteers==<br />
OWASP Code Pulse is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* xxx<br />
* xxx<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwanhttps://wiki.owasp.org/index.php?title=OWASP_Code_Pulse_Project&diff=172933OWASP Code Pulse Project2014-04-16T20:32:01Z<p>Hassan Radwan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Code Pulse Project==<br />
<br />
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.<br />
<br />
<br />
==Description==<br />
<br />
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage.<br />
<br />
Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view where the coverage overlaps between multiple tools.<br />
<br />
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach that sits deep in the stack of the virtual machine executing the application’s binaries. Due to the intimate nature of our tracing approach we currently support Java Virtual Machines, but we do have plans to add support for .NET applications. Although Code Pulse will likely also work for desktop application, our current focus is in providing the best experience for web application testing. <br />
<br />
<br />
==Licensing==<br />
<br />
OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License. <br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Code Pulse Project? ==<br />
<br />
OWASP Code Pulse Project provides:<br />
<br />
* Real-time code coverage insight<br />
<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leader ==<br />
<br />
Hassan Radwan<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_Zed_Attack_Proxy_Project]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [https://github.com/secdec/codepulse/releases Latest Release]<br />
<br />
== Email List ==<br />
<br />
[https://lists.owasp.org/mailman/listinfo/owasp_code_pulse_project Project Email List]<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
<br />
==Volunteers==<br />
OWASP Code Pulse is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* xxx<br />
* xxx<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
The initial version of Code Pulse, version 1.0, is planned for release at the end of April 2014.<br />
<br />
Our next planned release is version 1.1 that is currently planned for later in 2014. Despite our best efforts we expect that there will be issues with the 1.0 release that won’t be exposed until a broader audience has gotten a chance to work with it. Our plan for 1.1 is to address the major usability issues uncovered from the 1.0 testing. We also anticipate a number of minor updates between versions 1.0 and 1.1 to address bugs as they are discovered.<br />
<br />
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it:<br />
- .NET support<br />
- Reporting<br />
- Trace playback to see the sequence of the coverage as opposed to just seeing the end state<br />
- Dependency Check integration<br />
- ZAP plugin<br />
<br />
Involvement in the development and promotion of Code Pulse is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
Some of the ways you can help:<br />
* Code contributions<br />
* Testing<br />
* Wiki documentation<br />
* Spreading the word about the project!<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]</div>Hassan Radwan