This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Winter Of Security"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
  
== OWASP Winter Of Security ==
+
== OWASP Winter Of Code ==
 +
 
 +
== Other titles ==
 +
 
 +
- Owasp Code Wind
 +
- OWASP Tool Hack
 +
- OWASP College Codeathon
 +
- OWASP Winter of Credit
 +
- OWASP Credit Codeathon
 +
 
  
 
== Foreword ==
 
== Foreword ==
  
  
The OWASP Winter of Security (OWOS) is a program to involve students with Security projects. By participating in OWOS a student can get real life experience while contributing to an open source project and getting university credits.
+
The OWASP Winter Of Code (OWOC) is a program to involve students with Security projects. By participating in OWOS a student can get real life experience while contributing to an open source project and getting university credits.
  
 
== Benefits ==
 
== Benefits ==
Line 14: Line 23:
 
You are supervised by a person with real-world experience on security  
 
You are supervised by a person with real-world experience on security  
 
You make excellent contacts and you participate in an international team
 
You make excellent contacts and you participate in an international team
 +
 +
== Perks ==
 +
 +
Students who succesfully participate in the project get an OWASP membership and an OWASP Winter of Code t-shirt
  
 
== How it works: ==
 
== How it works: ==
Line 27: Line 40:
  
 
=== Student ===
 
=== Student ===
 +
 
Get in touch with the people responsible for the projects listed here(link to the project's page)
 
Get in touch with the people responsible for the projects listed here(link to the project's page)
 
Pick a project or propose your own
 
Pick a project or propose your own
 
--Note: (how's it going to be with the professors? are the students going to arrange everything or they get us in touch with their profs?)
 
--Note: (how's it going to be with the professors? are the students going to arrange everything or they get us in touch with their profs?)
  
=== Profesor ===  
+
=== Proffesor ===  
  
 
Send an email to the people responsible for the projects you are interest in.
 
Send an email to the people responsible for the projects you are interest in.

Revision as of 20:35, 1 June 2014

OWASP Winter Of Code

Other titles

- Owasp Code Wind - OWASP Tool Hack - OWASP College Codeathon - OWASP Winter of Credit - OWASP Credit Codeathon


Foreword

The OWASP Winter Of Code (OWOC) is a program to involve students with Security projects. By participating in OWOS a student can get real life experience while contributing to an open source project and getting university credits.

Benefits

You get to work for a popular project. Since the project is open source your work is publicly visible. You get university credits while doing so. You are supervised by a person with real-world experience on security You make excellent contacts and you participate in an international team

Perks

Students who succesfully participate in the project get an OWASP membership and an OWASP Winter of Code t-shirt

How it works:

Any project that will give you uni credits can participate in OWOS. Each project will be guided by an OWASP expert along with a professor. Students are graded by their University, based on success criteria identified at the beginning of the project.

Projects are focused on developing security tools. It is required that the code any student produces for those projects will be released as Open Source. Universities are free to specify their own requirements to projects, such as written reports. OWASP does not influence the way grades are allocated. The OWASP advisers will provide any information professors need in order to grade their students.

Note on language: English is required for code comments and documentation, but not for interactions between students and advisers. Advisers who speak the same language as their students are encouraged to interact in that language. How you can participate

How you can participate:

Student

Get in touch with the people responsible for the projects listed here(link to the project's page) Pick a project or propose your own --Note: (how's it going to be with the professors? are the students going to arrange everything or they get us in touch with their profs?)

Proffesor

Send an email to the people responsible for the projects you are interest in.



List With proposed projects

OWASP OWTF - Testing Framework Improvements

Brief explanation:

As OWASP OWTF grows it makes sense to build custom unit tests to automatically re-test that functionality has not been broken. In this project we would like to improve the existing unit testing framework so that creating OWASP OWTF unit tests is as simple as possible and all missing tests for new functionality are created. The goal of this project is to update the existing Unit Test Framework to create all missing tests as well as improve the existing ones to verify OWASP OWTF functionality in an automated fashion.


Top features

In this improvement phase, the Testing Framework should:

  • (Top Prio) Focus more on functional tests

For example: Improve coverage of OWASP Testing Guide, PTES, etc. (lots of room for improvement there!)

  • (Top Prio) Put together a great wiki documentation section for contributors

The goal here is to help contributors write tests for the functionality that they implement. This should be as easy as possible.

  • (Top Prio) Fix the current Travis issues :)
  • (Nice to have) Bring the unit tests up to speed with the codebase

This will be challenging but very worth trying after top priorities. The wiki should be heavily updated so that contributors create their own unit tests easily moving forward.


General background

The Unit Test Framework should be able to:

  • Define test categories: For example, "all plugins", "web plugins", "aux plugins", "test framework core", etc. (please see this presentation for more background)
  • Allow to regression test isolated plugins (i.e. "only test _this_ plugin")
  • Allow to regression test by test categories (i.e. "test only web plugins")
  • Allow to regression test everything (i.e. plugins + framework core: "test all")
  • Produce meaningful statistics and easy to navigate logs to identify which tests failed and ideally also hints on how to potentially fix the problem where possible
  • Allow for easy creation of _new_ unit tests specific to OWASP OWTF
  • Allow for easy modification and maintenance of _existing_ unit tests specific to OWASP OWTF
  • Perform well so that we can run as many tests as possible in a given period of time
  • Potentially leverage the python unittest library: http://docs.python.org/2/library/unittest.html


For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF


Expected results:

  • IMPORTANT: PEP-8 compliant code in all modified code and surrounding areas.
  • IMPORTANT: OWTF contributor README compliant code
  • Performant and automated regression testing
  • Unit tests for a wide coverage of OWASP OWTF, ideally leveraging the Unit Test Framework where possible
  • Good documentation


Knowledge Prerequisite:

Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn


Mentor: Abraham Aranguren - OWASP OWTF Project Leader - Contact: [email protected]