[Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal) outcomes

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Tue Nov 18 11:54:13 EST 2008


For those that didn't know, I attended the OWASP Summit in Portugal from
November 3rd to 7th.  I'm finally catching up on things now that I'm
back home.  Beyond presenting the Live CD Project at the summit, I
chaired the tools and Live CD/DVD working sessions.  The Live CD working
session produced several outcomes, ideas, suggestions, etc.  Here's what
I have from notes and my memory:

-- The Live CD Project & handling older versions --
* The previous version of the Live CD will be marked as
"archived/deprecated" with a link to the newest version (2008) added to
its project page.
* A project page for the current Live CD will be created and whatever
the current project is will live there.  So if a SoC 2009 creates an
OWASP Live CD 2009, it will take the place of the SoC 2008 release.
* As new projects are completed, old projects will be archived.

-- Changes/Updates to the OWASP Live CD 2008 --
* The menu structure is a mess (or really there is no structure).  Time
needs to be spent providing some sane structure to the menu items.
  ** Organize the menu items according to phase of testing - this should
be based on the OWASP testing guide.  See chapter 4 in v2 of the guide
or see the not quite finalized v3 of the guide:
http://www.owasp.org/index.php/Web_Application_Penetration_Testing
  ** For each phase of testing (aka submenu) provide the following
categories:  Tools, Docs, Training
  ** Training content could be tricky on a Live CD - consider providing
pointers to materials (esp videos) due to space limitations
  ** Provide a "README" in the documents folder to explain the purpose
of each of the documents so that users have some guidance.  This is
particularly important for the general "Documentation" menu item.
* Provide a "Setup Guide" for items such as wireless & networking to
assist those not familiar with Linux.
* Consider starting the Live CD in a "Kiosk" mode with a highly
simplified interface to the tools/docs.  This would remove any confusion
caused by unfamiliarity with KDE/Linux.  Include an option to leave this
mode and go to the "full desktop"
* Create a tool to update the Live CD to the latest modules.  The tool
would also need to be smart about module dependencies.  Modules can be
pulled via https from the Google Code repository site.
  ** If the tool is "smart" enough, profiles could be defined for
collections of tools/docs.  Users could then install a profile for the
type of work they are doing - think Java apps vs .Net apps for example.
* Create & document a live USB drive version.  Include persistence since
USB drives are writable.
* Create & document a virtualized version - VMware, VirtualBox and
QEMU are potential VM targets.

-- Misc. Notes and Observations --
* The OWASP Education project could greatly benefit from coordination
with the OWASP Live CD project.  Initial contact has been made and
communication channels will continue to be open between the two projects.
* The OWASP Education project is working on a well defined process to
convert Wiki content to publishable content (PDF, etc).  This will
greatly aid the Live CD so that the current online documentation can
easily be shipped with the CD.
* The Live CD also needs to keep in touch with the Documentation project
 so that the latest OWASP docs are available on the Live CD.


I'll wait a couple of days before I update the "Road Map" page on
the documentation wiki to reflect this list.  I'm holding off to allow
anyone to comment on these items or provide additional suggestions. I'll
also work on attaching some priorities and timelines to these items
after the list gets finalized.

Feedback, as always, is welcome.

-- 
-- Matt Tesauro
OWASP Live CD 2008 Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
http://mtesauro.com/livecd/ - Documentation Wiki

