This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects/OWASP Watcher Project"

From OWASP
Jump to: navigation, search
Line 17: Line 17:
 
| leader_name1 = Chris Weber
 
| leader_name1 = Chris Weber
 
| leader_email1 = [email protected]
 
| leader_email1 = [email protected]
| leader_username1 = Chrisweber
+
| leader_username1 = ChrisWeber
  
 
| contributor_name[1-10] =  
 
| contributor_name[1-10] =  

Revision as of 20:16, 1 December 2010

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Watcher Project (home page)
Purpose: Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

  • Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer);
  • Works seamlessly with complex Web 2.0 applications while you drive the Web browser;
  • Non-intrusive, will not raise alarms or damage production sites;
  • Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS);
  • Configurable domains with wildcard support;
  • Extensible framework for adding new checks.
License: New BSD
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
current release
Watcher v1.5.0 - Nov 17 2010 - (download)
Release description: Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases