This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Quick IncubatorToolsCode Evaluation"

From OWASP
Jump to: navigation, search
(Summary)
(Summary)
 
(43 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
 
=Evaluation Date : 3rd September 2014=
 
=Evaluation Date : 3rd September 2014=
 
==OWASP Java HTML Sanitizer Project==
 
==OWASP Java HTML Sanitizer Project==
Line 10: Line 11:
  
 
===Summary===
 
===Summary===
Project is active even though it needs to create some Roadmap. Also better guidelines for Developers can help the project get more volunteers
+
Project is active even though it needs to create a Roadmap. Also better guidelines for Developers can help the project get more volunteers. Since this is a library to be implemented, we expect better documentation for users on this part.
 +
 
 +
===Uniqueness/Originality===
 +
A library quite unique among OWASP projects
 +
 
 +
===Level of Maturity===
 +
Incubator, potential to become LAB
  
 
==OWASP_Java_XML_Templates_Project==
 
==OWASP_Java_XML_Templates_Project==
Line 19: Line 26:
 
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update  
 
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update  
 
|-
 
|-
| Outdated- last Update 2011 || N/A this are just XML templates || Not Found || https://code.google.com/p/owasp-jxt/w/list || https://code.google.com/p/owasp-jxt/issues/list || http://lists.owasp.org/pipermail/owasp-java-xml-templates/ || 2011
+
| Outdated- last Update 2011 || N/A these are just XML templates || Not Found || https://code.google.com/p/owasp-jxt/w/list || https://code.google.com/p/owasp-jxt/issues/list || http://lists.owasp.org/pipermail/owasp-java-xml-templates/ || 2011
 
|}
 
|}
  
 
http://lists.owasp.org/pipermail/owasp-java-xml-templates/
 
http://lists.owasp.org/pipermail/owasp-java-xml-templates/
 
===Summary===
 
===Summary===
Project is inactive no developemnts since 2011
+
Project is inactive no developments since 2011
 +
===Level of Maturity===
 +
Incubator - Inactive
  
 
==OWASP NAXSI Project==
 
==OWASP NAXSI Project==
Line 37: Line 46:
 
===Summary===
 
===Summary===
 
Project has not updated its wiki in a year. The project repository is active but we need to remember that these are just rules that most be used with  http://nginx.com/ which is a commercial tool. You get the rules for free but you need to buy the Web Firefall. Rules alone do not work
 
Project has not updated its wiki in a year. The project repository is active but we need to remember that these are just rules that most be used with  http://nginx.com/ which is a commercial tool. You get the rules for free but you need to buy the Web Firefall. Rules alone do not work
 +
===Level of Maturity===
 +
Does not fit with OWASP open source vision.This project is outside OWASP umbrella
  
 
==OWASP Security Shepard Project==
 
==OWASP Security Shepard Project==
Line 49: Line 60:
 
===Summary===
 
===Summary===
 
Project is using an old wiki template but information is quite complete. A simple guideline was found on the wiki and very good track record fixing issues. We suggest to have a mailing list. Needs more work on documentation to get more contributors and users.
 
Project is using an old wiki template but information is quite complete. A simple guideline was found on the wiki and very good track record fixing issues. We suggest to have a mailing list. Needs more work on documentation to get more contributors and users.
 +
===Level of Maturity===
 +
Incubator
 +
===Uniqueness/Originality===
 +
This is another Broken application for pen testing. The project claims to not only to be a learning tool for beginners pen testers but also for professionals with higher level of challenges.
  
 
==OWASP Xenotix XSS Exploit Framework==
 
==OWASP Xenotix XSS Exploit Framework==
Line 61: Line 76:
 
===Summary===
 
===Summary===
 
Project has excellent documentation, Nice external website and wiki page, including videos for Users but there are no issues(only 1 and is closed). Last year it was a very active project present on different Appsec conferences. Need more documentation for new developers, if project plans to get new contributors
 
Project has excellent documentation, Nice external website and wiki page, including videos for Users but there are no issues(only 1 and is closed). Last year it was a very active project present on different Appsec conferences. Need more documentation for new developers, if project plans to get new contributors
 +
===Level of Maturity===
 +
LAB candidate, howveer we are not seen much activity so far, for this reason we cannot upgrade this project to this status. Must contact Project leader
 +
 +
===Uniqueness/Originality===
 +
This is a tool for pen testing XSS vulnerabilities, it focuses only on that. The interface is really nice compare to other OWASP tools.It claims it ha sless false positives and able to find more XSS than other tools
  
 
=Evaluation Date : 5th September 2014=
 
=Evaluation Date : 5th September 2014=
Line 73: Line 93:
  
 
===Summary===
 
===Summary===
Wiki template is very complete. The project is an OS/Virtual machine, not easy to host on a repository so we understand the challenges to make this available using an repository. What I miss here are instructions or clarifications, such as a reference to the Mantra Framework project and Guidelines and User guides for first time users.
+
Wiki template is very complete. The project is an OS/Virtual machine, not easy to host on a repository so we understand the challenges to make this available using a repository. What I miss here are instructions or clarifications, such as a reference to the Mantra Framework project and Guidelines and User guides for first time users.
 +
 
 +
===Level of Maturity===
 +
Incubator
 +
 
 +
===Uniqueness/Originality===
 +
It combines Mantra and other Broken Apps
  
 
==OWASP iGoat Project==
 
==OWASP iGoat Project==
Line 85: Line 111:
  
 
===Summary===
 
===Summary===
The project had a very inactive/dormant period last year, and later picked up after a year in recession. The Project has some basic documentation but it should have more to make it clear for users how the project can be built properly and the OS supported. Based on the mailing list , it has been very quite and little reaction from the public. Little activity in the bug list (1 bug fixed). We don't have the impression there is a group of users. Project should work on improving its documentation, add some print screens and videos can help a lot for user adoption
+
The project had a very inactive/dormant period last year, and later picked up after a year in recession. The Project has some basic documentation but it should have more to make it clear for users how the project can be built properly and the OS supported.Wiki page is very abstract and has very little information about the project, Releases and Roadmap. Based on the mailing list , it has been very quite and little reaction from the public. Little activity in the bug list (1 bug fixed). We don't have the impression there is a group of users. Project should work on improving its documentation, add some print screens and videos can help a lot for user adoption
 +
===Level of Maturity===
 +
Incubator
 +
 
 +
===Uniqueness/Originality===
 +
This is another Broken app but for apple mobile devices.
 +
 
 +
==OWASP OSaft Project==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
|22 july  ||Yes || Not Found ||https://www.owasp.org/index.php/O-Saft/Documentation || https://github.com/OWASP/O-Saft/issues || http://lists.owasp.org/pipermail/owasp-igoat-project/ || 26 August 2014
 +
|}
 +
 
 +
===Summary===
 +
Very active project, on github. Project leader is also very active promoting the project at different conferences. Tools also won an award and is doing an excellent work like no other OWASP tool does which is to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. Excellent documentation.Based on the level of maturity it can become a LAB project
 +
===Level of Maturity===
 +
LAB
 +
 
 +
===Uniqueness/Originality===
 +
No other OWASP tool does this specific work, which is highly challenging to achieve.
 +
 
 +
==OWASP Bricks==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
| 1 February 2014 || YES ||Not Found ||https://www.youtube.com/user/OWASPBricks || Not Found  || http://lists.owasp.org/pipermail/owasp_bricks/ || December 2013
 +
|}
 +
 
 +
===Summary===
 +
This is another Broken App in PHP/MySQL. Last activity or commit was last year, December 2013.Last activity in the Blog dates from November 2013. Mailing list and Twitter activity also dates from last year which it seems the project came to a stop around that time. Project has very nice instructional videos on You Tube and pretty good materials for Users
 +
 
 +
===Level of Maturity===
 +
Incubator/Potential to become LAB but is Dormant/Inactive.Must contact Project leader for more info
 +
 
 +
===Uniqueness/Originality===
 +
It combines Mantra Framework, PHP/MySQL and it's done in the same style as WebGoat but with very nice GUI and Videos
 +
 
 +
=Evaluation Date : 6th September 2014=
 +
==Dependency Check==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
| 5 August 2014 ||Yes || https://github.com/jeremylong/DependencyCheck/wiki || http://jeremylong.github.io/DependencyCheck/ ||https://github.com/jeremylong/DependencyCheck/issues  ||https://groups.google.com/forum/#!forum/dependency-check || August 2014
 +
|}
 +
 
 +
===Summary===
 +
Wiki template is very complete. This project has a high level of activity, excellent record fixing issues, Documentation for engaging new developers and Users.
 +
 
 +
===Level of Maturity===
 +
Very Stable, has LAB quality , Flagship Candidate. Upgraded to LAB status. Next review if maintains activity level, we will upgraded to Flagship
 +
because of its quality, level of activity and uniqueness
 +
 
 +
===Uniqueness/Originality===
 +
This is an excellent and unique tool among OWASP. No other does the same job
 +
 
 +
=Evaluation Date : 8th September 2014=
 +
==OWASP Hive==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
| February 2014 ||No releases ||none || none ||none || none|| N?A
 +
|}
 +
 
 +
===Summary===
 +
Project has no release so far and it seems inactive
 +
 
 +
===Uniqueness/Originality===
 +
Project is a hardware tool, which is quite unique among OWASP tools, but there hasn't been any progress and any releases at all.
 +
 
 +
==OWASP ByWaf==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
| September 2014 || In windows works fine, not in Mac || Not Found || You Tube videos ||https://github.com/depasonico/OWASP-ByWaf/issues|| http://lists.owasp.org/pipermail/owasp_bywaf_project/|| July 2014
 +
|}
 +
 
 +
===Summary===
 +
Project has an active development but it requires better documentation. This is a pen testing tool written in Python. In order to get user acceptance it has to compete harder with existing tools and provide better documentation for user adoption. Activity on the mailing list has been null.Project leader must provide a better selling proposition.
 +
 
 +
===Uniqueness/Originality===
 +
This is a pen testing tool framework in Python. It has to compete hard with other tools such as ZAP and given the fact that their documentation is poor, this does not help the project to get user adoption
 +
 
 +
==OWASP Multidae II==
 +
 
 +
{| class="wikitable sortable" border="1" style="font-size:86%"
 +
|-
 +
! Wiki Content !! Does project build without errors?!! Developer Guide Available? !! User Guide Available? !! Issue(Bug Tracking) !! Mailing/Group List Activity !! Repository Latest Update
 +
|-
 +
| June 2013 || || Not Found ||http://sourceforge.net/projects/mutillidae/files/documentation/ ||http://sourceforge.net/p/mutillidae/bugs/|| http://sourceforge.net/p/mutillidae/bugs/|| September
 +
|}
 +
 
 +
===Summary===
 +
Project has an active development and promotion. Wiki page is just a simple template but most information is found in SourceForge. Mailing list activity is none. Leader is active with releases through https://twitter.com/webpwnized. If information about documentation could be better organized, it will make it easier for first time users to find guidelines.
 +
 
 +
===Level of Maturity===
 +
Incubator
 +
 
 +
===Uniqueness/Originality===
 +
This is a broken app created in PHP/MySQL. It has many challenges compare to other tools and is very easy to install.It has some excellent documentation

Latest revision as of 16:50, 8 September 2014

Evaluation Date : 3rd September 2014

OWASP Java HTML Sanitizer Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
Incomplete, there is no road map Yes Not Found https://code.google.com/p/owasp-java-html-sanitizer/w/list https://code.google.com/p/owasp-java-html-sanitizer/issues/list https://groups.google.com/forum/#!forum/owasp-java-html-sanitizer-support September 2014

Summary

Project is active even though it needs to create a Roadmap. Also better guidelines for Developers can help the project get more volunteers. Since this is a library to be implemented, we expect better documentation for users on this part.

Uniqueness/Originality

A library quite unique among OWASP projects

Level of Maturity

Incubator, potential to become LAB

OWASP_Java_XML_Templates_Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
Outdated- last Update 2011 N/A these are just XML templates Not Found https://code.google.com/p/owasp-jxt/w/list https://code.google.com/p/owasp-jxt/issues/list http://lists.owasp.org/pipermail/owasp-java-xml-templates/ 2011

http://lists.owasp.org/pipermail/owasp-java-xml-templates/

Summary

Project is inactive no developments since 2011

Level of Maturity

Incubator - Inactive

OWASP NAXSI Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
Outdated -Spetember 2013 N/A rules code for another application Not Found https://github.com/nbs-system/naxsi/wiki https://github.com/nbs-system/naxsi/issues http://lists.owasp.org/pipermail/owasp-naxsi-project/ July 2014

Summary

Project has not updated its wiki in a year. The project repository is active but we need to remember that these are just rules that most be used with http://nginx.com/ which is a commercial tool. You get the rules for free but you need to buy the Web Firefall. Rules alone do not work

Level of Maturity

Does not fit with OWASP open source vision.This project is outside OWASP umbrella

OWASP Security Shepard Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
Updated 5 August 2014 Yes Not Found https://www.owasp.org/index.php/OWASP_Security_Shepherd https://github.com/markdenihan/owaspSecurityShepherd/issues Not Found September 2014

Summary

Project is using an old wiki template but information is quite complete. A simple guideline was found on the wiki and very good track record fixing issues. We suggest to have a mailing list. Needs more work on documentation to get more contributors and users.

Level of Maturity

Incubator

Uniqueness/Originality

This is another Broken application for pen testing. The project claims to not only to be a learning tool for beginners pen testers but also for professionals with higher level of challenges.

OWASP Xenotix XSS Exploit Framework

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
Updated 29 June 2014 Yes Not Found https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework#tab=Documentation https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework/issues Not Found July 2014

Summary

Project has excellent documentation, Nice external website and wiki page, including videos for Users but there are no issues(only 1 and is closed). Last year it was a very active project present on different Appsec conferences. Need more documentation for new developers, if project plans to get new contributors

Level of Maturity

LAB candidate, howveer we are not seen much activity so far, for this reason we cannot upgrade this project to this status. Must contact Project leader

Uniqueness/Originality

This is a tool for pen testing XSS vulnerabilities, it focuses only on that. The interface is really nice compare to other OWASP tools.It claims it ha sless false positives and able to find more XSS than other tools

Evaluation Date : 5th September 2014

OWASP Mantra OS

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
8 May 2014 N/A N/A Not Found N/A

Summary

Wiki template is very complete. The project is an OS/Virtual machine, not easy to host on a repository so we understand the challenges to make this available using a repository. What I miss here are instructions or clarifications, such as a reference to the Mantra Framework project and Guidelines and User guides for first time users.

Level of Maturity

Incubator

Uniqueness/Originality

It combines Mantra and other Broken Apps

OWASP iGoat Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
9 April 2014 Could not confirm/requires Mac OS Not Found Not Found https://code.google.com/p/owasp-igoat/w/list http://lists.owasp.org/pipermail/owasp-igoat-project/ 9 April 2014

Summary

The project had a very inactive/dormant period last year, and later picked up after a year in recession. The Project has some basic documentation but it should have more to make it clear for users how the project can be built properly and the OS supported.Wiki page is very abstract and has very little information about the project, Releases and Roadmap. Based on the mailing list , it has been very quite and little reaction from the public. Little activity in the bug list (1 bug fixed). We don't have the impression there is a group of users. Project should work on improving its documentation, add some print screens and videos can help a lot for user adoption

Level of Maturity

Incubator

Uniqueness/Originality

This is another Broken app but for apple mobile devices.

OWASP OSaft Project

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
22 july Yes Not Found https://www.owasp.org/index.php/O-Saft/Documentation https://github.com/OWASP/O-Saft/issues http://lists.owasp.org/pipermail/owasp-igoat-project/ 26 August 2014

Summary

Very active project, on github. Project leader is also very active promoting the project at different conferences. Tools also won an award and is doing an excellent work like no other OWASP tool does which is to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. Excellent documentation.Based on the level of maturity it can become a LAB project

Level of Maturity

LAB

Uniqueness/Originality

No other OWASP tool does this specific work, which is highly challenging to achieve.

OWASP Bricks

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
1 February 2014 YES Not Found https://www.youtube.com/user/OWASPBricks Not Found http://lists.owasp.org/pipermail/owasp_bricks/ December 2013

Summary

This is another Broken App in PHP/MySQL. Last activity or commit was last year, December 2013.Last activity in the Blog dates from November 2013. Mailing list and Twitter activity also dates from last year which it seems the project came to a stop around that time. Project has very nice instructional videos on You Tube and pretty good materials for Users

Level of Maturity

Incubator/Potential to become LAB but is Dormant/Inactive.Must contact Project leader for more info

Uniqueness/Originality

It combines Mantra Framework, PHP/MySQL and it's done in the same style as WebGoat but with very nice GUI and Videos

Evaluation Date : 6th September 2014

Dependency Check

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
5 August 2014 Yes https://github.com/jeremylong/DependencyCheck/wiki http://jeremylong.github.io/DependencyCheck/ https://github.com/jeremylong/DependencyCheck/issues https://groups.google.com/forum/#!forum/dependency-check August 2014

Summary

Wiki template is very complete. This project has a high level of activity, excellent record fixing issues, Documentation for engaging new developers and Users.

Level of Maturity

Very Stable, has LAB quality , Flagship Candidate. Upgraded to LAB status. Next review if maintains activity level, we will upgraded to Flagship because of its quality, level of activity and uniqueness

Uniqueness/Originality

This is an excellent and unique tool among OWASP. No other does the same job

Evaluation Date : 8th September 2014

OWASP Hive

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
February 2014 No releases none none none none N?A

Summary

Project has no release so far and it seems inactive

Uniqueness/Originality

Project is a hardware tool, which is quite unique among OWASP tools, but there hasn't been any progress and any releases at all.

OWASP ByWaf

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
September 2014 In windows works fine, not in Mac Not Found You Tube videos https://github.com/depasonico/OWASP-ByWaf/issues http://lists.owasp.org/pipermail/owasp_bywaf_project/ July 2014

Summary

Project has an active development but it requires better documentation. This is a pen testing tool written in Python. In order to get user acceptance it has to compete harder with existing tools and provide better documentation for user adoption. Activity on the mailing list has been null.Project leader must provide a better selling proposition.

Uniqueness/Originality

This is a pen testing tool framework in Python. It has to compete hard with other tools such as ZAP and given the fact that their documentation is poor, this does not help the project to get user adoption

OWASP Multidae II

Wiki Content Does project build without errors? Developer Guide Available? User Guide Available? Issue(Bug Tracking) Mailing/Group List Activity Repository Latest Update
June 2013 Not Found http://sourceforge.net/projects/mutillidae/files/documentation/ http://sourceforge.net/p/mutillidae/bugs/ http://sourceforge.net/p/mutillidae/bugs/ September

Summary

Project has an active development and promotion. Wiki page is just a simple template but most information is found in SourceForge. Mailing list activity is none. Leader is active with releases through https://twitter.com/webpwnized. If information about documentation could be better organized, it will make it easier for first time users to find guidelines.

Level of Maturity

Incubator

Uniqueness/Originality

This is a broken app created in PHP/MySQL. It has many challenges compare to other tools and is very easy to install.It has some excellent documentation