Featured OWASP Project
OWASP Bricks
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL that focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP. OWASP Bricks provides a platform for learning web application security and a test bed for analyzing the performance of web application security scanners.
For more information, please contact the Project Leader, Abhi Balakrishnan.
New OWASP Projects
OWASP Code Pulse 2.0
The OWASP Code Pulse team is proud to announce version 1.0 of their real-time coverage tool! Are you a penetration tester or a user of tools like ZAP? Then we think we have something that is going to make your life as a pen-tester easier. Code Pulse is a real-time code coverage tool that lets you visually see coverage gaps in your testing activity. To find out more about it and to download it, please visit Code Pulse.
For more information, please contact the Project Leader, Hassan Radwan.
Project Announcements
Open Source Showcase
The AppSec EU Conference Team is happy to announce that there will be ten projects participating in this year’s Open Source Showcase at AppSec EU this summer. The Open Source Showcase is a unique event module that allows project leaders and/or project contributors to showcase their work in a demo setting and gain exposure for their projects without having to conduct a full session. The Showcase affords attendees a more personal view of the projects.
Throughout the conference, these projects will be demoing at the Open Source Showcase space within the conference venue. Join us at the Open Source Showcase June 23-26. Demo times to be announced closer to the conference.
See you in Cambridge!
Below is a list of all the participating projects.
Bywaf - ByWaf is a web application penetration testing framework (WAPTF). It consists of a command-line interpreter and a set of plugins.
OWASP Python Security Project - Python Security aims at creating a hardened version of Python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.
OWASP Ninja PingU Project - Ninja PingU is a high-performance network scanner tool for large-scale analyses. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin integration.
OWASP PCI Toolkit - OWASP PCI Toolkit is a C# Windows Forms project that will help you to scope the PCI-DSS requirements for your System Components. A beta version of this tool will be released in May 2014.
WPScan - WPScan is a black box WordPress vulnerability scanner.
OWASP Hackademic Challenges Project - The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. Currently, there are 10 web application security scenarios available.
OWASP OWTF - OWASP OWTF is an OWASP+PTES-focused attempt to unite great tools and make pen testing more efficient.
OWASP WTE - The OWASP WTE project is an enhancement of the original OWASP Live CD Project and expands the offering from a static Live CD ISO image to a collection of sub-projects. Its primary goal is to make application security tools and documentation easily available and easy to use.
OWASP ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
ThreadFix - ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.
Project Summit
We are just a little over a month away from AppSec EU and the 2014 Project Summit. So far we have some great projects signed up to participate, but we need more projects participating. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 at Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit.
Don’t have a project? No problem, we can still use your help at the Project Summit. Sign up to participate in the Project Summit by contacting Samantha Groves or Kait Disney-Leugers.