
OWASP Store Sheep Project

From OWASP
Revision as of 14:24, 17 June 2014 by Raesene (talk | contribs)


OWASP Store Sheep

OWASP Store Sheep is a work-in-progress application to demonstrate security concepts relating to Windows Store Apps.

Introduction

Store Sheep is a training app for Developers wishing to learn to securely code a Windows Store ('Metro Style') App, and Testers wanting to learn to test one. It contains a number of security vulnerabilities with explanations and fixes for them.


Description

Store Sheep (in line with the 'Goat' theme of WebGoat, RailsGoat etc. - I thought it was about time we had a Sheep instead) is a training application for developers and testers. It takes the form of a pretend Windows Store App called 'A friend for Ewe', which is a dating agency for owners of pet Sheep.

The purpose of Store Sheep is for developers and testers alike to learn where these apps resemble, and where they differ from, traditional Win32 and Web applications, and how to build them to resist attack. A side benefit of this project will be for the community to learn more about how the certification process for a big app store works and the kind of problems it does (and doesn't) find. I would imagine this would be relevant not only to Microsoft's Store but to Apple's and Google's as well.

Broadly the idea at this stage is to get a basic app and some documentation up and running quite quickly and then to refine it as time goes on.


Licensing

OWASP Store Sheep is free to use. It is licensed under the GNU GPL v3 license, so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or similar license to this one.


What is Store Sheep?

OWASP Store Sheep provides:

  • A Visual Studio project containing a JavaScript/HTML Windows Store app which can be sideloaded onto a development machine running Windows 8.1.


Project Leader

Marion McCune

As of June 2014, the priorities are:

The application in its finished form will have three versions.

  1. This 'original version' contains a number of critical vulnerabilities, some of which will cause it to fail WACK (Windows Application Certification Kit). As such, if submitted to the Windows Store it would be rejected by Microsoft. The associated documentation explains how to correct these problems and move it to version 2.
  2. This application passes WACK and may pass Microsoft's checks, however it still contains a number of vulnerabilities such as authorisation flaws, Web Service problems etc. which would cause it to be a danger to its users' data if put live. The associated documentation explains how to find and fix these problems.
  3. This 'fixed' version of the application represents a safe (if not tremendously useful!) app which could pass through a Web Application 'penetration' test without any significant findings.


Involvement in the development and promotion of Store Sheep is actively encouraged! You do not have to be a security expert in order to contribute.


PROJECT INFO

What does this OWASP project offer you?

What is this project?

  • Name: OWASP Store Sheep
  • Purpose: Store Sheep is a training app for Developers wishing to learn to securely code a Windows Store ('Metro Style') App, and Testers wanting to learn to test one. It contains a number of security vulnerabilities with explanations and fixes for them.
  • License: GNU GPL v3

Who is working on this project?

  • Project Leader(s): Marion McCune

How can you learn more?

  • Project Pamphlet: Not Yet Created
  • Project Presentation:
  • Mailing list: Mailing List Archives
  • Project Roadmap: Not Yet Created

Key Contacts

  • Contact Marion McCune to contribute to this project
  • Contact Marion McCune to review or sponsor this project

RELEASE(S) INFO

What releases are available for this project?

  • Current release: Not Yet Published
  • Last reviewed release: Not Yet Reviewed
  • Other releases: