Published by Ariel Reed. Modified over 8 years ago.
2
2008-08-26
OWASP Live CD 2008 – Outline
- Introduction
- OWASP Live CD 2008
- How can you get involved?
- What's next?
- The competition
3
Project background
- Email to OWASP mail list announcing the Summer of Code for 2008
  - Included many “prioritized projects”
  - Updating the OWASP Live CD 2007 was one
- I applied and waited
- The start of the SoC was a bit delayed but officially started on April 16th
- OWASP Live CD was selected in the second round
- Time for me to get started
4
Do it for the children...
5
My background & Why I applied
- Found OWASP somewhere around 2000
- Web App developer in some hostile environments
  - Telecom/Ecommerce (international)
  - Major University (Texas A&M)
  - Didn't want my apps to get popped
- Found and got my Web App Sec start with a very early version of WebGoat
- Been a full time Linux user since mid-2000
  - ABW? Maybe OVW
  - Name your distro, I've probably installed it
6
OWASP Live CD – A history
- The original OWASP Live CD was created as part of a couple of [Season here] of Codes.
  - Autumn of Code 2006 & Spring of Code 2007
- Named “LabRat” (version 2.1)
- Based on Morphix (Debian derivative)
- Last news item was Feb 2007
- No project mail list
- Seemed dormant
- More on this later...
7
Enter stage left, OWASP Live CD 2008
After some consideration, the SoC project arrived at the following goals:
- Move from Morphix to SLAX
- Get the SLAX CD to 2007 tool parity
- Add OWASP branding to the Live CD
- Add additional, quality tools
- Documentation
  - How the Live CD was created
  - Include documentation on the Live CD
    - OWASP Testing Guide,...
8
Why document how the CD was created??
9
Why SLAX?
SLAX is a Linux distro based on Slackware specifically made for live CDs
Why SLAX?
- Easy to make & update modules
- Breaks creating new modules into small units
- Comes with some great module building tools
- Proven track record (Backtrack, Whax, DAVIX,...)
- Defaults to KDE – easy transition from Windows
- Allow for some future cool stuff - more on this later.
10
A very important point ! =
11
OWASP Live CD 2008 beta 1
Tools currently on the CD
- OWASP's WebScarab (20070504-1631)
- OWASP's WebGoat (5.1)
- OWASP's CAL9000 (2.0)
- OWASP's JBroFuzz (0.9)
- Paros Proxy (3.2.12)
- nmap (4.6.0)
- Wireshark (1.0.0)
- tcpdump (3.9.8)
- Firefox 3
12
Short list for the SoC release
- Burp Suite
- Grendel-Scan
- OWASP DirBuster
- Nikto 2.0
- OWASP SQLiX
- w3af (maybe GUI too)
- sqlmap
- sqlninja
- WebShag
- HTTP Print
- Absinthe
- OWASP WSFuzzer
- bou BEEF
- OWASP Skavenger
- ProxyMon
13
More on tools
When looking for tools, I started with three sources
- OWASP Testing Guide v2
- Tools I've used, like, etc
- Tools listed on the Phoenix Tools list
  - http://www.owasp.org/index.php/Phoenix/Tools
  - Name, Website, License, Install from, OWASP tool, OWASP Guide page(s) and Notes
- Total of 331 tools are currently listed on the Wiki
14
How many more tools?
15
How can you help?
- Give the CD a try
  - You've got one now so what's your excuse?
- Provide feedback on the provided tools
  - Suggest new ones, better installs, etc
- Suggest new tools
  - Either for the CD or the Tools list
- Know any l33t graphic designers?
  - I'm definitely not l33t with graphics
- Join the OWASP Live CD 2008 mail list!
16
What's next?
Road map going forward
- Complete the SoC
  - Install most/all the tools on the short list
  - Tweak the OWASP branding a bit
- Launch Party @ DallasCon
  - A definite maybe – waiting for confirmation
- Future OWASP Austin talk?
- OWASP Europe 2008 (Portugal)
17
Beyond the SoC
Long term vision – more cool stuff
- Continue cranking out modules
- Use Google code repository to hold tools
  - Can add new tools to the running Live CD
  - Props to SLAX
- Update the tools and menu structure to follow the to be released OWASP Testing Guide v3
  - Try for every tool mentioned
- OSD – could be really nice...
18
osd_cat in action
19
Beyond the SoC #2
- GPG sign & hash the modules
- Write a program to auto-update the CD to the latest version of the tools
  - Ability to update modules + Google code repository + a bit of coding = always updatable Live CD
- Start quarterly releases
  - Even with the auto-update deal, updating gets old
  - One edition per season, timing TBD
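The hash-the-modules plus auto-update idea on this slide, as an added example that is not from the presentation or the OWASP Live CD project: an updater that activates a downloaded module only if its SHA-256 matches the manifest. The manifest format, the `.lzm` file names, the versions and the `fetch` callback are assumptions, and the manifest's GPG signature is assumed to have been verified before it is parsed.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse 'name version sha256' lines into {name: (version, digest)}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, version, digest = line.split()
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed digest for {name}")
        entries[name] = (version, digest)
    return entries

def update_modules(installed: dict, manifest: dict, fetch):
    """Fetch modules whose version differs; keep only those matching the manifest hash.

    Returns (accepted, rejected): accepted maps name -> (version, bytes).
    """
    accepted, rejected = {}, []
    for name, (version, digest) in sorted(manifest.items()):
        if installed.get(name) == version:
            continue  # already current, nothing to download
        data = fetch(name)
        if data is not None and hmac.compare_digest(sha256_hex(data), digest):
            accepted[name] = (version, data)
        else:
            rejected.append(name)  # never activate an unverified module
    return accepted, rejected

# Constructed sample data: module names, versions and contents are made up.
PUBLISHED = {"nmap.lzm": b"nmap module", "nikto.lzm": b"nikto module",
             "sqlmap.lzm": b"sqlmap module"}
MANIFEST_TEXT = "\n".join(f"{n} 2.0 {sha256_hex(d)}" for n, d in PUBLISHED.items())
INSTALLED = {"nmap.lzm": "2.0", "nikto.lzm": "1.0"}

def tampered_mirror(name: str):
    """Simulated repository that serves an altered sqlmap module."""
    data = PUBLISHED.get(name)
    return data + b"\x00" if name == "sqlmap.lzm" else data

def demo():
    # Assumption: the manifest's detached GPG signature was checked first.
    return update_modules(INSTALLED, parse_manifest(MANIFEST_TEXT), tampered_mirror)

if __name__ == "__main__":
    accepted, rejected = demo()
    print("installed:", sorted(accepted), "rejected:", rejected)
```

Hashes in an unsigned manifest only detect corruption; the signature on the manifest is what ties them to the publisher.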
20
It's pie in the sky time...
- Automatic downloadable update + tool categories = Tool profiles
- Example profiles
  - Whitebox testing
  - Blackbox testing
  - Static Analysis
  - Target Specific (Java, .Net,...)
21
Back to Sanity
- Create a new OWASP Project
  - OWASP Tools Project
  - Take the 331+ tools I already have listed, categorize them and produce wiki page(s) for them.
- Let OWASP be the destination of choice when
  - Looking for tools
  - Advertising a tool you just wrote
- As an added bonus, list the OWASP tools first
  - Incentive to create OWASP tools or donate current ones
22
Welcome to Full-Disclosure-ville
The competition
- LabRat – previous OWASP XoC project
- Apparently a new version will be released at OWASP NYC 2008 (Track 1: Sept 24th at 3:00 PM)
- Content unknown – hinted at Spear Phishing tool
- Bit of confusion with the name
- Beta of 2.1 is currently available
- Created by Josh Perrymon
- Site: http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
23
More Competition
- Samurai WTF
  - That's Samurai Web Testing Framework
- Ubuntu based Live CD
- Very pretty graphics
- Currently a development release
- Decent tool selection + pre-configured
- Wiki for documentation
- Site: http://samurai.intelguardians.com/
- BTW, the login is samurai / samurai
24
Demo – Get ready for slash and burn
25
Links
- OWASP Project site: http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
- Project Wiki: http://mtesauro.com/livecd/
- Project Email list: https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project
26
That's all folks – any questions?