This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "GoogleSeasonOfDocs2019"
(Added ZAP Zest project) |
|||
Line 42: | Line 42: | ||
The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help. | The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help. | ||
+ | |||
+ | ==OWASP Juice Shop== | ||
+ | [[OWASP Juice Shop Project]] is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! | ||
+ | |||
+ | ==="Pwning OWASP Juice Shop" Companion Guide=== | ||
+ | |||
+ | ''[https://leanpub.com/juice-shop Pwning OWASP Juice Shop] is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under [https://creativecommons.org/licenses/by-nc-nd/4.0/ CC BY-NC-ND 4.0] and is available '''for free''' as work-in-progress in [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop HTML, PDF, Kindle and ePub format on GitBook]. The latest officially released edition is [https://leanpub.com/juice-shop available '''for free''' on LeanPub in PDF, Kindle and ePub format].'' | ||
+ | |||
+ | [[File:PwningOWASPJuiceShop_Cover.jpg|link=https://leanpub.com/juice-shop|100px]] | ||
+ | |||
+ | The book is divided into three parts: | ||
+ | # Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools) | ||
+ | # Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application) | ||
+ | # Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project) | ||
+ | |||
+ | Primary focus points of this project could be: | ||
+ | * Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format | ||
+ | * Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub '''and''' to be able to host it in HTML online-readable form | ||
+ | |||
+ | This project could additionally: | ||
+ | * Add hints and solutions for currently undocumented challenges (marked with ''':wrench: **TODO**''') | ||
+ | * Extend the "Codebase 101" chapter with more details and examples for new contributors | ||
+ | * Review, curate and extend the other existing content |
Revision as of 14:44, 13 March 2019
Overview
OWASP is going to apply to participate in the inaugural Google Season of Docs We will be requesting project ideas to help us complete our organization application which is due April 23rd.
OWASP Project Documentation Requests
Tips to get you started in no particular order:
* Read Google Season of Docs Project Ideas * Read Program Rules
OWASP ZAP
OWASP Zed Attack Proxy Project (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.
The API
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation. Unfortunately is also not particularly well documented and we get many queries about it on the support groups.
Existing documentation includes:
- https://github.com/zaproxy/zaproxy/wiki/ApiDetails
- https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index
This project would:
- Explain the concepts behind the UI
- Explain how it can be used at a high level
- Detail all of the API calls
The documentation should be suitable for publishing as web pages and for printing on paper.
Zest
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools. While it is tool independent it is heavily used by ZAP.
Existing documentation includes:
This project would:
- Explain the concepts behind the Zest
- Explain how to write Zest scripts
- Document the ZAP Desktop UI provided relating to Zest
The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.
OWASP Juice Shop
OWASP Juice Shop Project is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
"Pwning OWASP Juice Shop" Companion Guide
Pwning OWASP Juice Shop is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under CC BY-NC-ND 4.0 and is available for free as work-in-progress in HTML, PDF, Kindle and ePub format on GitBook. The latest officially released edition is available for free on LeanPub in PDF, Kindle and ePub format.
The book is divided into three parts:
- Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)
- Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)
- Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)
Primary focus points of this project could be:
- Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format
- Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub and to be able to host it in HTML online-readable form
This project could additionally:
- Add hints and solutions for currently undocumented challenges (marked with :wrench: **TODO**)
- Extend the "Codebase 101" chapter with more details and examples for new contributors
- Review, curate and extend the other existing content