This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP FOSBBWAS (code name Beretta)"

 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Download: http://www.devcafe.co.uk/beretta/downloads.htm
+
Download: http://www.devcafe.co.uk/beretta/downloads.htm [[Category:FIXME|link not working]]
  
 
This project aims to create a:
 
This project aims to create a:
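Review bot: the Download line is tagged [[Category:FIXME|link not working]] but the dead URL stays as the page's only download pointer, and the tag does not show on the rendered Download line. Either replace the URL with a working location or say in the visible text that the download is currently unavailable, since the Installation steps start from "the downloaded files".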
Line 14: Line 14:
 
**Create tests for the OASIS WAS database, [http://prdownloads.sourceforge.net/owasp/OWASPTesting_PhaseOne.pdf?download OWASP Testing Guide] and  
 
**Create tests for the OASIS WAS database, [http://prdownloads.sourceforge.net/owasp/OWASPTesting_PhaseOne.pdf?download OWASP Testing Guide] and  
 
[http://prdownloads.sourceforge.net/owasp/OWASPWebAppPenTestList1.1.pdf?download OWASP PenTesting Checklist]
 
[http://prdownloads.sourceforge.net/owasp/OWASPWebAppPenTestList1.1.pdf?download OWASP PenTesting Checklist]
 +
 +
==Installation==
 +
* Unzip the downloaded files (duh..!)
 +
* Restore the Beretta Db file to your SQL 2000 database server and create a user to access this database
 +
* Move the unzipped Beretta application directory to somewhere in your web server root
 +
* Set the necessary NTFS permissions
 +
* Create a virtual directory in IIS to this newly created directory
 +
* Modify the Web.config keys databaseConnection, and siteRoot to the relevant values.
 +
* Modify the Web.config key "outputDir" to be the physical path of the "output" directory beneath the web application root. XML scan reports will be created here
 +
* Make sure ~/output/ has write permissions for the user ASP.net is running under
 +
* Open up an internet browser and browse to the virtual directory you created
 +
* Enter login details (defaults below)
 +
Username: admin
 +
Password: pass
 +
* You should now be logged into the application. Foundstones hacme bank is a good place to start experimenting with Beretta.
 +
 +
{{Template:Stub}}
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]
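Review bot: the new Installation list gives the default login (Username: admin, Password: pass) at the "Enter login details" step but has no step to change that password once logged in; add one before the final bullet. "Set the necessary NTFS permissions" is also left undefined: name the account and the rights, since the only requirement the list states is write access on ~/output/ for the user ASP.net is running under.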

Latest revision as of 14:14, 18 April 2009

Download: http://www.devcafe.co.uk/beretta/downloads.htm

This project aims to create a:

  • Commercial quality open source black box web application scanner that is:
    • Extensible
    • Customizable
    • Scalable
    • Robust
    • User friendly
    • Methodical
  • The objective is to:
    • Help developers to create secure and robust web applications
    • Help system administrators and professional pen-testers to identify vulnerable web applications
    • Create tests for the OASIS WAS database, OWASP Testing Guide and OWASP PenTesting Checklist

Installation

  • Unzip the downloaded files (duh..!)
  • Restore the Beretta database file to your SQL Server 2000 database server and create a user to access this database
  • Move the unzipped Beretta application directory to somewhere in your web server root
  • Set the necessary NTFS permissions
  • Create a virtual directory in IIS pointing to this newly created directory
  • Modify the Web.config keys databaseConnection and siteRoot to the relevant values
  • Modify the Web.config key "outputDir" to be the physical path of the "output" directory beneath the web application root. XML scan reports will be created here
  • Make sure ~/output/ has write permissions for the user ASP.NET is running under
  • Open a web browser and browse to the virtual directory you created
  • Enter login details (defaults below):
    • Username: admin
    • Password: pass
  • You should now be logged into the application. Foundstone's Hacme Bank is a good place to start experimenting with Beretta.
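
A post-install check for the Web.config and NTFS permission steps above, added here as an example and not part of Beretta or the original page. The install path, the worker identity and the `<appSettings>` layout of Web.config are assumptions; only the key names `databaseConnection`, `siteRoot` and `outputDir` come from the steps.

```powershell
# Added example, not Beretta code. Assumptions: install path, worker identity,
# and that the three keys live in <appSettings> as <add key="..." value="..."/>.
$AppRoot = 'C:\Inetpub\wwwroot\beretta'        # hypothetical install path
$Account = 'NT AUTHORITY\NETWORK SERVICE'      # assumed ASP.NET worker identity

function Test-WriteAccess([string]$Path, [string]$Identity) {
    # True if an Allow ACE naming $Identity directly includes the Write rights.
    # ACEs granted through groups (Users, Everyone) are not resolved here.
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $aces = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -eq $write
    }
    return [bool]$aces
}

# Load Web.config and collect the appSettings keys the installation steps name.
[xml]$cfg = Get-Content -Path (Join-Path $AppRoot 'Web.config') -Raw
$settings = @{}
foreach ($node in $cfg.configuration.appSettings.add) {
    $settings[$node.key] = $node.value
}
foreach ($key in 'databaseConnection', 'siteRoot', 'outputDir') {
    if (-not $settings[$key]) { Write-Warning "Web.config key '$key' is missing or empty" }
}

# outputDir must be the physical path of the "output" directory under the app root.
$expected  = Join-Path $AppRoot 'output'
$outputDir = $settings['outputDir']
if ($outputDir -and ([IO.Path]::GetFullPath($outputDir).TrimEnd('\') -ne $expected)) {
    Write-Warning "outputDir '$outputDir' is not '$expected'"
}

# The worker identity needs write access on output; the steps ask for it nowhere else.
if (-not (Test-WriteAccess $expected $Account)) {
    Write-Warning "$Account cannot write scan reports to $expected"
}
if (Test-WriteAccess $AppRoot $Account) {
    Write-Warning "$Account has write access on the whole application root"
}
```

No warnings means the three keys are set, `outputDir` points at the `output` directory, and the worker identity's directly assigned write access is limited to that directory.
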
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.