This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP OWTF"

From OWASP
Jump to: navigation, search
Line 47: Line 47:
  
 
==Presentation and talks==
 
==Presentation and talks==
 +
 +
<nowiki><iframe src="//www.slideshare.net/slideshow/embed_code/key/5BOo24YsYCvXbO" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe></nowiki> <nowiki><div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/JerodBrennenCISSP/automating-security-testing-with-the-owtf" title="Automating Security Testing with the OWTF" target="_blank">Automating Security Testing with the OWTF</a></nowiki> <nowiki></strong></nowiki> from <nowiki><strong><a href="https://www.slideshare.net/JerodBrennenCISSP" target="_blank">Jerod Brennen</a></nowiki><nowiki></strong></nowiki> <nowiki></div></nowiki>
  
 
The following links provide access to materials for OWTF talks (video, slides, etc.):
 
The following links provide access to materials for OWTF talks (video, slides, etc.):

Revision as of 01:04, 2 April 2018

Flagship big.jpg
Review this project
OWTFLogo.png

OWTF aims to make pen testing:

  • Aligned with OWASP Testing Guide + PTES + NIST
  • More efficient
  • More comprehensive
  • More creative and fun (minimise un-creative work)

so that pentesters will have more time to

  • See the big picture and think out of the box
  • More efficiently find, verify and combine vulnerabilities
  • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short timeframes we are typically given to test.

The latest version of OWASP OWTF is OWTF 2.3b "MacinOWTF".

Project Leaders

Links


OWTF is taking part in the Google Summer of Code 2018 ! If you'd like to participate then see the OWASP Google Summer of Code 2018 Ideas page!

ToolsWatch Annual Best Free/Open Source Security Tool Survey:

Presentation and talks

<iframe src="//www.slideshare.net/slideshow/embed_code/key/5BOo24YsYCvXbO" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/JerodBrennenCISSP/automating-security-testing-with-the-owtf" title="Automating Security Testing with the OWTF" target="_blank">Automating Security Testing with the OWTF</a> </strong> from <strong><a href="https://www.slideshare.net/JerodBrennenCISSP" target="_blank">Jerod Brennen</a></strong> </div>

The following links provide access to materials for OWTF talks (video, slides, etc.):

OWTF Talks at 7-a.org

You can see what OWASP OWTF is all about in the following video:
OWASP OWTF 1.0 "Lionheart" - Brucon 2014 5x5:
OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5:

For more videos please see the YouTube channel

Licensing

LICENSE

Openhub

https://www.openhub.net/p/owasp-owtf

Classifications

Flagship projects.jpg
Cc-button-y-sa-small.png

Quick Download

Email List

Sign Up

News and Events

In Print

Volunteers

OWTF is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or through other means:

OWTF attempts to solve the "penetration testers are never given enough time to test properly" problem, or in other words, OWTF = Test/Exploit ASAP, with this in mind, as of right now, the priorities are:

  • To improve security testing efficiency (i.e. test more in less time)
  • To improve security testing coverage (i.e. test more)
  • Gradually integrate the best tools
  • Unite the best tools and make them work together with the security tester
  • Remove or Reduce the need to babysit security tools during security assessments
  • Be a respository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
  • Help penetration testers save time on report writing

Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP OWTF (home page)
Purpose: The Offensive (Web) Testing Framework is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.

Please see: http://owtf.org http://blog.7-a.org/search/label/OWTF%20Talks http://www.slideshare.net/abrahamaranguren

License: BSD License
who is working on this project?
Project Leader(s):
  • Abraham Aranguren @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Abraham Aranguren @ to contribute to this project
  • Contact Abraham Aranguren @ to review or sponsor this project
current release
https://github.com/owtf/owtf/releases
last reviewed release
Not Yet Reviewed


other releases