Difference between revisions of "OWASP Code Pulse Project"
m (Add link to Code Pulse 2.5.0) |
m (Update for Code Pulse 2.5) |
||
Line 13: | Line 13: | ||
==How it works== | ==How it works== | ||
− | Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach. Code Pulse currently supports Java programs, up to Java 9, and .NET Framework programs for CLR versions 2 | + | Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach. Code Pulse currently supports Java programs, up to Java 9, and .NET Framework programs for CLR versions 2 and 4. It can track code coverage details at the method or source code level to show what's being called and when. Although Code Pulse works for desktop applications, our current focus is on providing the best experience for web application testing. |
==Why Code Pulse?== | ==Why Code Pulse?== | ||
Line 19: | Line 19: | ||
Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage. | Whereas in the past it’s been very difficult to understand which parts of an application a DAST or manual penetration test covered, Code Pulse automatically detects the coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools’ coverage. | ||
− | Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or | + | Code Pulse presents the coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance), it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or to view where the coverage overlaps between multiple tools. |
==Licensing== | ==Licensing== | ||
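Review bot: The revised sentence starting "In addition for testing activities relying on multiple techniques" still has no comma after "In addition"; the revision only adds one after the closing parenthesis. Suggest "In addition, for testing activities relying on multiple techniques (...), it's fairly easy to ...". In the sentence before it, "at-a-glance" is used adverbially and reads better unhyphenated as "at a glance".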
Line 69: | Line 69: | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
− | The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then, we've pushed out multiple versions to address some usability issues and to include support for Java 9, .NET Framework applications, | + | The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then, we've pushed out multiple versions to address some usability issues and to include support for Java 9, .NET Framework applications, an [[OWASP Dependency Check]] integration, and code coverage details at the source code level. |
Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it: | Long-term there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add to Code Pulse as we continue development on it: | ||
− | - | + | - API surface feature |
− | - | + | - Web request filter |
− | - | + | - Performance improvements |
Involvement in the development and promotion of Code Pulse is actively encouraged! | Involvement in the development and promotion of Code Pulse is actively encouraged! |
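Review bot: The three roadmap bullets added here ("API surface feature", "Web request filter", "Performance improvements") are bare labels, so a reader cannot tell what is planned or where a contributor could start. Suggest a short description for each item. The unchanged lead-in also says "we'd like to add to Code Pulse" twice in consecutive sentences and could be merged into one while this section is being edited.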
Revision as of 11:44, 8 August 2018
==About Code Pulse==
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.

==How it works==
Code Pulse does its magic by monitoring the runtime of the target application using an agent-based approach. Code Pulse currently supports Java programs, up to Java 9, and .NET Framework programs for CLR versions 2 and 4. It can track code coverage details at the method or source code level to show what's being called and when. Although Code Pulse works for desktop applications, our current focus is on providing the best experience for web application testing.

==Why Code Pulse?==
In the past, it has been very difficult to understand which parts of an application a DAST or manual penetration test covered. Code Pulse automatically detects the coverage information while the tests are being conducted, and it even makes it possible to understand the overlaps and boundaries of the different tools’ coverage.

Code Pulse presents the coverage information in a visual form to make it easy to understand at a glance which parts of an application have been covered, and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition, for testing activities relying on multiple techniques (a variety of dynamic analysis tools, for instance), it’s fairly easy to split up the recorded activity to understand which code was covered by each tool independently or to view where the coverage overlaps between multiple tools.

==Licensing==
The OWASP Code Pulse project is free to use. It is licensed under the Apache 2.0 License.
==Contact Us==
New Project Leader: Ken Prole

Email: [email protected]
The initial version of Code Pulse, version 1.0, was released in early May 2014. Since then, we've pushed out multiple versions to address some usability issues and to include support for Java 9, .NET Framework applications, an OWASP Dependency Check integration, and code coverage details at the source code level.
Long term, there are a number of things on our roadmap that we’d like to add to Code Pulse. The following is a partial list of features we’d like to add as we continue development:
- API surface feature
- Web request filter
- Performance improvements
Involvement in the development and promotion of Code Pulse is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
- Code contributions
- Testing
- Wiki documentation
- Spreading the word about the project!
Visit the Code Pulse GitHub project page to see the source.
Code Pulse is maintained and developed by Code Dx.
Code Pulse is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD), BAA via contract numbers FA8750-12-C-0219 and HHSP233201600058C.