OWASP FOSBBWAS (code name Beretta)
Revision as of 22:46, 20 July 2006 by Medelibero (talk | contribs)
Download: http://www.devcafe.co.uk/beretta/downloads.htm
This project aims to create a:
- Commercial-quality open source black box web application scanner that is:
  - Extensible
  - Customizable
  - Scalable
  - Robust
  - User friendly
  - Methodical
- The objective is to:
  - Help developers create secure and robust web applications
  - Help system administrators and professional pen-testers identify vulnerable web applications
  - Create tests for the OASIS WAS database, OWASP Testing Guide and
Installation
- Unzip the downloaded files (duh..!)
- Restore the Beretta DB file to your SQL 2000 database server and create a user to access this database
- Move the unzipped Beretta application directory to somewhere in your web server root
- Set the necessary NTFS permissions
- Create a virtual directory in IIS to this newly created directory
- Modify the Web.config keys "databaseConnection" and "siteRoot" to the relevant values.
- Modify the Web.config key "outputDir" to be the physical path of the "output" directory beneath the web application root. XML scan reports will be created here.
- Make sure ~/output/ has write permissions for the user ASP.NET is running under
- Open up an internet browser and browse to the virtual directory you created
- Enter login details (defaults below):
  Username: admin
  Password: pass
- You should now be logged into the application. Foundstone's Hacme Bank is a good place to start experimenting with Beretta.