[GPC] [Owasp-testing] Add new tools
Brad Causey
bradcausey at gmail.com
Thu Sep 10 14:24:11 EDT 2009
I think this is a great idea.
Matt and I have begun a much less ambitious, although similar, task. See
here:
http://appseclive.org/content/owasp-live-cd-tutorials
-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP
http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)
--
On Thu, Sep 10, 2009 at 1:22 PM, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
> It’s perfect to me! I’ll be waiting for more news. Do not hesitate and
> get back to me if you think I can be of any assistance.
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Aung Khant [mailto:aungkhant at yehg.net]
> *Sent:* Thursday, 10 September 2009 19:17
> *To:* paulo.coimbra at owasp.org; owasp-testing at lists.owasp.org
> *Cc:* Global Projects Committee
> *Subject:* Re: [Owasp-testing] Add new tools
>
>
>
> Hi Paulo
>
> No hesitation for such a cool project according to the list's feedback.
> Let me start it when I become free from some workload.
>
> The project is not tool-centric.
>
> Tool centric for me means
>
> - Hey this is Tool A - this is used for what A.
>
> Tool centric approach is never intelligent.
>
> I make the project like methodology-based or testing-based approach like
> the Test Guide
>
> - Hey here we go for web server testing - use the following tools - Tool A,
> Tool B .... Tool Z
>
> We're clear enough that adding long lists of tools to the Testing Guide is
> inappropriate.
>
> Useful tools are really really scattered across the web.
>
> Again, this project is not a mere list of tools.
>
> This will contain the screenshots/demo movies contributed by community for
> the ease of
> followers.
>
> Well, there will be a notice/disclaimer like "OWASP does not endorse any
> tool .... "
> Should I wait for the Committee decision ?
>
>
>
>
> Regards
>
> On Fri, Sep 11, 2009 at 12:10 AM, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
>
> Hello Projects Committee,
>
>
>
> Please see below this interesting thread. Does anybody want to step in?
> Interesting arguments are being exchanged and the question of creating a new
> project - OWASP Web Pentesting Tool Database Projects - is also being
> discussed. As my 2 cents, I’d say that usually any proposal to create a new
> project is welcomed as long as it respects OWASP’s Principles
> http://www.owasp.org/index.php/About_OWASP.
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Dave van Stein [mailto:dvstein at gmail.com]
> *Sent:* Thursday, 10 September 2009 18:07
> *To:* Aung Khant
> *Cc:* Kevin Horvath; Paulo Coimbra; owasp-testing at lists.owasp.org
> *Subject:* Re: [Owasp-testing] Add new tools
>
>
>
> Hi Aung,
>
> I think creating an overview of testing tools is a good idea and the idea
> actually already has been proposed at the beginning of writing the Testing
> Guide v3.
> The reasons that it has not been included are the following:
>
> 1) OWASP wants to be as unbiased as possible and does not want to give the
> impression that the guide (or OWASP itself for that matter) endorses any
> tool or vendor
> 2) creating, and especially maintaining, such a list would require a
> tremendous amount of time and work and possibly many updates of the guide.
>
> The idea was also raised to create a separate database and make a reference
> to it in the guide, but for some reason (I can't remember, but I'm guessing
> time/effort) that never happened.
>
> I think resurrecting the idea for a tooling database is a good idea, but I
> am afraid that it will not have a long life ...
>
> Like I said getting and maintaining such a list would require a tremendous
> amount of work and I think it might be difficult finding enough people
> getting the job done.
> However, if you really want to give it a try, I'd say write a project plan
> and send it to OWASP (see
> http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project for
> procedure).
> If the project starts, count me in; I am willing to spend a few hours a
> week.
>
> regards, Dave
>
>
> 2009/9/10 Aung Khant <aungkhant at yehg.net>
>
> Hi Kevin
>
> I can't agree with you more.
>
> I'm in no doubt that tools make our life a lot easier in some situations
> when
> manual testing is our default arsenal.
>
> As far as I'm concerned, such a tool project rarely interests folks
> and they usually underestimate such.
>
> One example is notable certification - CEH, which people have been saying
> - a collection of tools and their usage.
>
> Without tools, penetration testing will take a lot longer.
> Without methodology, penetration testing won't be complete and perfect.
>
> Should we start - OWASP Web Pentesting Tool Database Projects?
>
> I think we should. There is no such Distro designed for thorough web
> testing.
> BackTrack lists just a few web tools. So does Samurai.
> A big challenge is that we can't stick to one platform. Some tools are for
> Windows [Can't run with wine].
> Some for Linux. We have to use both.
>
> Some may point to me sites like http://www.security-database.com/.
> As far as I know, no single site is dedicated to app sec.
>
>
>
> On Thu, Sep 10, 2009 at 9:45 PM, Kevin Horvath <kevin.horvath at gmail.com>
> wrote:
>
> Hello Aung,
>
> The guide is about the methodology and some tools are given as an
> example of what can be used but by no means is meant to be
> all-encompassing. To have a list of tools that would be useful in app
> testing could be a separate project in itself that would need to be
> constantly updated. Although I believe having a tool listing would be
> a nice project to have for all aspects of app testing I don't think
> that it should be part of this guide (IMHO).
>
>
> On Thu, Sep 10, 2009 at 11:06 AM, Aung Khant <aungkhant at yehg.net> wrote:
> > Hi Mat and List
> >
> > New web app test tools are developed from time to time.
> > Is it good to add new tools to the Guide wiki?
> >
> > Or does it introduce over redundancy ?
> >
> > --
> > Best Regards
> > YGN Ethical Hacker Group
> > http://yehg.net
> >
>
> > _______________________________________________
> > Owasp-testing mailing list
> > Owasp-testing at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-testing
> >
> >
>
>
>
> --
>
> Best Regards
> YGN Ethical Hacker Group
> http://yehg.net
>
>
>
>
>
>
>
>
> --
> Best Regards
> YGN Ethical Hacker Group
> http://yehg.net
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>