Outdated Tool Information


Claudia Casanovas

Feb 24, 2016, 5:54:53 PM
to owasp-project-reviews, Josh Sokol
Hello Project Review Team,

Please let me know how I can help to replace the outdated tools, as I just did a health check, but I can reach out to the project leader for an update. Then you can decide on the technical part of the project, and it may need to be archived and marked.


Note from Josh below: Flagship "OWASP Testing Guide v4".  That said, a number of the tools that are recommended are obsolete, redirect to paid tools, or otherwise problematic.  For example, in the "Testing Oracle" section, we recommend SQLInjector (http://www.databasesecurity.com/sql-injector.htm) which gives a 404 Not Found and Orascan and NGS SQuirreL (http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/information-security-software/ngs-orascan/) which redirects to a paid application.

I would like to send the Project Leader a note to see if there is an update on the above and other outdated tools.

Claudia


From: Josh Sokol <josh....@owasp.org>
Date: Wed, Feb 24, 2016 at 4:08 PM
Subject: Outdated Tool Information
To: owasp-testing-project <owasp-test...@owasp.org>, "owasp-projec...@googlegroups.com" <owasp-projec...@googlegroups.com>


Hello,

I was preparing a presentation on Open Source Tools and Methodologies for next week and in part of the deck I cover some of the tool recommendations from the Flagship "OWASP Testing Guide v4".  That said, a number of the tools that are recommended are obsolete, redirect to paid tools, or otherwise problematic.  For example, in the "Testing Oracle" section, we recommend SQLInjector (http://www.databasesecurity.com/sql-injector.htm) which gives a 404 Not Found and Orascan and NGS SQuirreL (http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/information-security-software/ngs-orascan/) which redirects to a paid application.  I also noted that the Appendix A in the back of the guide is based off of the much older version of the guide and has not been updated with the new tool recommendations as many of the tools are obsolete (WebScarab, Pantera, Odysseus, SPIKE, etc etc etc).  It looks like the last revision of this document is from 2014.  Are we working on a revised version for 2016 or would it make sense to mark this project as no longer being updated? 

FYI, this is me asking as a user of the project, not as a Board member or anything like that.

~josh




--


Claudia Aviles-Casanovas
Project Coordinator