This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Store Sheep Project
OWASP Store SheepOWASP Store Sheep is a work in progress application do demonstrate security concepts relating to Windows Store Apps. IntroductionStore Sheep is a training app for Developers wishing to learn to securely code a Windows Store ('Metro Style') App, and Testers wanting to learn to test one. It contains a number of security vulnerabilities with explanations and fixes for them.
DescriptionStore Sheep (in line with the 'Goat' theme of Web Goat, Rails Goat etc - I thought it was about time we had a Sheep instead) is a training application for developers and testers. It takes the form of a pretend Windows Store App called 'A friend for Ewe' which is a dating agency for owners of pet Sheep. The purpose of Store Sheep is for developers and testers alike to learn where these apps resemble and differ from traditional Win32 and Web applications and how to build them to resist attack. A side benefit from this project will be for the community to learn more about how the certification process for a big app store works and the kind of problems it does (and doesn't) find. I would imagine this would be relevant not only to Microsoft's Store but to Apple and Google's as well. Broadly the idea at this stage is to get a basic app and some documentation up and running quite quickly and then to refine it as time goes on.
LicensingOWASP Store Sheep is free to use. It is licensed under the GNU GPL v3 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is Store Sheep?OWASP Store Sheep provides:
PresentationProject LeaderRelated ProjectsOhloh |
Quick DownloadEmail ListNews and EventsIn PrintClassifications
| |||||||
- Q1
- A1
- Q2
- A2
Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of June 2014, the priorities are:
The application in its finished form will have three versions.
- This 'original version' contains a number of critical vulnerabilities, some of which will cause it to fail WACK (Windows Application Certification Kit). As such, if submitted to the Windows Store it would be rejected by Microsoft. The associated documentation explains how to correct these problems and move it to B)
- This application passes WACK and may pass Microsoft's checks, however it still contains a number of vulnerabilities such as authorisation flaws, Web Service problems etc. which would cause it to be a danger to its users' data if put live. The associated documentation explains how to find and fix these problems.
- This 'fixed' version of the application represents a safe (if not tremendously useful!) app which could pass through a Web Application 'penetration' test without any significant findings.
Involvement in the development and promotion of Store Sheep is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
- xxx
- xxx
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
