[Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal) outcomes
OWASP Live CD 2008 Project
owasp-live-cd-2008-project at lists.owasp.org
Tue Nov 18 15:41:16 EST 2008
4-cents worth:
The list of potential enhancements is long, and represents significant
effort.
This list needs to be vetted, and then the resulting items prioritized. I'm
not sure which of these items actually belong; which belong to the LiveCD,
and which belong to the education project.
For example "Kiosk Mode", and offering other "ease of use for newbies"
features - not sure I'm entirely on-board with these thoughts for the
LiveCD. The need very-much depends on the target audience. In general - you
better have some appropriate technical grounding to unleash any of these
tools.
Yes, to a point, the toolset mentioned in OWASP educational material should
be reasonably in-sync with the OWASP LiveCD.
(did I say in consideration of the target audience already ?)
The "raison d'etre" of both projects needs to be visited: (my view)
education should clarify methodologies, provide examples, and not be overly
dependent on a specific implementation; the LiveCD should provide
executables which are accessible in a simple way - without a deep nest of
menus.
If the education project is aimed at newbies, then that project could
publish a (sub)set of simplified tools for that target audience.
It would be helpful to get feedback from people who are currently using the
LiveCD and the education docs in college courses - I believe there was at
least one school making that attempt.
KP
----- Original Message -----
From: "OWASP Live CD 2008 Project"
<owasp-live-cd-2008-project at lists.owasp.org>
To: <owasp-live-cd-2008-project at lists.owasp.org>
Sent: Tuesday, November 18, 2008 3:07 PM
Subject: Re: [Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal) outcomes
> Kent (and the list),
>
> Due to a scheduling conflict during the summit, I missed the
> working group on the Winter of Code. I'm waiting until after
> Thanksgiving to see if the results are posted from that working
> group. If I don't hear by then, I'll start asking various and sundry
> OWASP people.
>
> What I'm about to type is at best a guess derived from asking random
> people at the summit and shouldn't be taken as OWASP gospel. I
> _believe_ that there will NOT be a WoC but instead be a "Spring of
> Quality". The purpose of the SoQ (?) will be to improve the overall
> quality of existing OWASP offerings, especially to bring alpha projects
> to beta and beta to release. That is different from a XoC where new
> projects are generally encouraged. I'm not clear what this means for a
> "release" quality project (e.g. the Live CD). As soon as I know more,
> I'll post it to the list. Hope that helps (some).
>
> -- Matt Tesauro
> OWASP Live CD 2008 Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
> http://mtesauro.com/livecd/ - Documentation Wiki
>
> OWASP Live CD 2008 Project wrote:
>> Sounds excellent.
>>
>> Will there be a WOC ? (following this FOC & SOC ?)
>>
>> Kent Poots
>>
>>
>> jkpoots at rogers.com
>>
>> --- On *Tue, 11/18/08, OWASP Live CD 2008 Project
>> /<owasp-live-cd-2008-project at lists.owasp.org>/* wrote:
>>
>> From: OWASP Live CD 2008 Project
>> <owasp-live-cd-2008-project at lists.owasp.org>
>> Subject: [Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal)
>> outcomes
>> To: owasp-live-cd-2008-project at lists.owasp.org
>> Received: Tuesday, November 18, 2008, 11:54 AM
>>
>> For those that didn't know, I attended the OWASP Summit in Portugal
>> from November 3rd to 7th. I'm finally catching up on things now that
>> I'm back home. Beyond presenting the Live CD Project at the summit, I
>> chaired the tools and Live CD/DVD working sessions. The Live CD
>> working session produced several outcomes, ideas, suggestions, etc.
>> Here's what I have from notes and my memory:
>>
>> -- The Live CD Project & handling older versions --
>> * The previous version of the Live CD will be marked as
>> "archived/deprecated" with a link to the newest version (2008) added
>> to its project page.
>> * A project page for the current Live CD will be created and whatever
>> the current project is will live there. So if a SoC 2009 creates an
>> OWASP Live CD 2009, it will take the place of the SoC 2008 release.
>> * As new projects are completed, old projects will be archived.
>>
>> -- Changes/Updates to the OWASP Live CD 2008 --
>> * The menu structure is a mess (or really there is no structure).
>> Time needs to be spent providing some sane structure to the menu
>> items.
>> ** Organize the menu items according to phase of testing - this
>> should be based on the OWASP testing guide. See chapter 4 in v2 of
>> the guide or see the not quite finalized v3 of the guide:
>> http://www.owasp.org/index.php/Web_Application_Penetration_Testing
>> ** For each phase of testing (aka submenu) provide the following
>> categories: Tools, Docs, Training
>> ** Training content could be tricky on a Live CD - consider
>> providing pointers to materials (esp videos) due to space
>> limitations
>> ** Provide a "README" in the documents folder to explain the
>> purpose of each of the documents so that users have some guidance.
>> This is particularly important for the general "Documentation" menu
>> item.
>> * Provide a "Setup Guide" for items such as wireless & networking
>> to assist those not familiar with Linux.
>> * Consider starting the Live CD in a "Kiosk" mode with a highly
>> simplified interface to the tools/docs. This would remove any
>> confusion caused by unfamiliarity with KDE/Linux. Include an option
>> to leave this mode and go to the "full desktop"
>> * Create a tool to update the Live CD to the latest modules. The
>> tool would also need to be smart about module dependencies. Modules
>> can be pulled via https from the Google Code repository site.
>> ** If the tool is "smart" enough, profiles could be defined for
>> collections of tools/docs. Users could then install a profile for
>> the type of work they are doing - think Java apps vs .Net apps for
>> example.
>> * Create & document a live USB drive version. Include persistence
>> since USB drives are writable.
>> * Create & document a virtualized version - VMware, Virtual Box and
>> qemu are potential VM targets.
>>
>> -- Misc. Notes and Observations --
>> * The OWASP Education project could greatly benefit from coordination
>> with the OWASP Live CD project. Initial contact has been made and
>> communication channels will continue to be open between the two
>> projects
>> * The OWASP Education project is working on a well defined process to
>> convert Wiki content to publish-able content (PDF, etc). This will
>> greatly aid the Live CD so that the current online documentation can
>> easily be shipped with the CD.
>> * The Live CD also needs to keep in touch with the Documentation
>> project so that the latest OWASP docs are available on the Live CD.
>>
>>
>> I'll wait a couple of days before I update the "Road Map" page on
>> the documentation wiki to reflect this list. I'm holding off to
>> allow anyone to comment on these items or provide additional
>> suggestions. I'll also work on attaching some priorities and
>> timelines to these items after the list gets finalized.
>>
>> Feedback, as always, is welcome.
>>
>> --
>> -- Matt Tesauro
>> OWASP Live CD 2008 Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
>> http://mtesauro.com/livecd/ - Documentation Wiki
>> _______________________________________________
>> Owasp-live-cd-2008-project mailing list
>> Owasp-live-cd-2008-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project