|
|
| Line 18: |
Line 18: |
| | | | |
| | | leader_username1 = ChrisWeber | | | leader_username1 = ChrisWeber |
| − |
| |
| − |
| |
| − | | links_url1 = http://websecuritytool.codeplex.com/wikipage?title=Checks
| |
| − | | links_name1 = Descriptions of the security checks
| |
| − |
| |
| − | | links_url2 = http://websecuritytool.codeplex.com/documentation?referringTitle=Home
| |
| − | | links_name2 = Detailed Documentation
| |
| − |
| |
| − | | links_url3 = http://websecuritytool.codeplex.com/releases/view/22212
| |
| − | | links_name3 = Download link
| |
| − |
| |
| | | | |
| | | contributor_name[1-10] = | | | contributor_name[1-10] = |
| Line 42: |
Line 31: |
| | | project_road_map = http://www.owasp.org/index.php/Projects/OWASP_Watcher_Project/Roadmap | | | project_road_map = http://www.owasp.org/index.php/Projects/OWASP_Watcher_Project/Roadmap |
| | | | |
| − | | links_url1 = | + | | links_url1 = http://websecuritytool.codeplex.com/wikipage?title=Checks |
| − | | links_name1 = | + | | links_name1 = Descriptions of the security checks |
| | + | |
| | + | | links_url2 = http://websecuritytool.codeplex.com/documentation?referringTitle=Home |
| | + | | links_name2 = Detailed Documentation |
| | + | |
| | + | | links_url3 = http://websecuritytool.codeplex.com/releases/view/22212 |
| | + | | links_name3 = Download link |
| | + | |
| | | | |
| | | release_1 = Watcher v1.5.0 | | | release_1 = Watcher v1.5.0 |
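Review bot: links_url3, the download link added after project_road_map, uses plain http://, as do links_url1 and links_url2. A tool download fetched over unencrypted HTTP can be altered in transit, so use the https:// form of the same URLs if the host serves it, starting with links_url3.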
PROJECT INFO What does this OWASP project offer you?
|
RELEASE(S) INFO What releases are available for this project?
|
| what is this project?
|
| Name: OWASP Watcher Project (home page)
|
| Purpose: Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.
Major Features:
- Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, JavaScript, CSS, and development frameworks (e.g. ASP.NET, JavaServer);
- Works seamlessly with complex Web 2.0 applications while you drive the Web browser;
- Non-intrusive, will not raise alarms or damage production sites;
- Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS);
- Configurable domains with wildcard support;
- Extensible framework for adding new checks.
|
| License: New BSD
|
| who is working on this project?
|
| Project Leader(s):
|
| how can you learn more?
|
| Project Pamphlet: Not Yet Created
|
| Project Presentation:
|
| Mailing list: Mailing List Archives
|
| Project Roadmap: View
|
| Main links:
|
| Key Contacts
|
|
|
|
|
| current release
|
|
|
| Watcher v1.5.0 - Nov 17 2010 - (download)
|
| Release description: Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.
|
Rating: Not Reviewed - Assessment Details
|
|
|
| last reviewed release
|
| Not Yet Reviewed
|
|
|