[Owasp-live-cd-2008-project] OWASP Summit 2008(Portugal)outcomes

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Wed Nov 19 14:07:42 EST 2008


Great, thanks for the feedback. I have moved USB/VMware to higher
priority and Kiosk to the Nice to have category.

Must Have:

1. The previous version of the Live CD will be marked as
"archived/deprecated" with a link to the newest version (2008) added to
its project page.
2. A project page for the current Live CD will be created and whatever
the current project is will live there.  So if a SoC 2009 creates an
OWASP Live CD 2009, it will take the place of the SoC 2008 release.

Higher priority:

1. As new projects are completed, old projects will be archived.

2. The menu structure is a mess (or really there is no structure).  Time
needs to be spent providing some sane structure to the menu items.
 a. Organize the menu items according to phase of testing - this should
be based on the OWASP testing guide.  See chapter 4 in v2 of the guide
or see the not quite finalized v3 of the guide:
http://www.owasp.org/index.php/Web_Application_Penetration_Testing

b. For each phase of testing (aka submenu) provide the following
categories:  Tools, Docs, Training
c. Training content could be tricky on a Live CD - consider providing
pointers to materials (esp videos) due to space limitations
d. Provide a "README" in the documents folder to explain the purpose of
each of the documents so that users have some guidance.  This is
particularly important for the general "Documentation" menu item.

3. Create & document a live USB drive version.  Include persistence
since USB drives are writable.

4. Create & document a virtualized version - VMware, VirtualBox and
QEMU are potential VM targets.

Nice to have:

1. Provide a "Setup Guide" for items such as wireless & networking to
assist those not familiar with Linux.

2. Create a tool to update the Live CD to the latest modules.  The tool
would also need to be smart about module dependencies.  Modules can be
pulled via https from the Google Code repository site.

  a. If the tool is "smart" enough, profiles could be defined for
collections of tools/docs.  Users could then install a profile for the
type of work they are doing - think Java apps vs .Net apps for example.

3. Consider starting the Live CD in a "Kiosk" mode with a highly
simplified interface to the tools/docs.  This would remove any confusion
caused by unfamiliarity with KDE/Linux.  Include an option to leave this
mode and go to the "full desktop".



Coordinate with different groups:

1. The OWASP Education project could greatly benefit from coordination
with the OWASP Live CD project.  Initial contact has been made and
communication channels will continue to be open between the two projects.

2. The OWASP Education project is working on a well defined process to
convert Wiki content to publish-able content (PDF, etc).  This will
greatly aid the Live CD so that the current online documentation can
easily be shipped with the CD.

3. The Live CD also needs to keep in touch with the Documentation
project  so that the latest OWASP docs are available on the Live CD.

TODO's: 
      1. Define the differences between Kiosk mode, USB, and Virtual
Image.
      2. Mockup new Menu structure.

Thanks

 

-Nishi Kumar

 

 

________________________________

From: owasp-live-cd-2008-project-bounces at lists.owasp.org
[mailto:owasp-live-cd-2008-project-bounces at lists.owasp.org] On Behalf Of
OWASP Live CD 2008 Project
Sent: Wednesday, November 19, 2008 10:28 AM
To: owasp-live-cd-2008-project at lists.owasp.org
Subject: Re: [Owasp-live-cd-2008-project] OWASP Summit
2008(Portugal)outcomes

 

Nishi,

I agree with everything except I think the priorities are reversed on
the USB/VMware image creation and the Kiosk mode. We would, speaking for
a team of guys, prefer to be able to download this _image_ and launch it
straight into a virtualization framework of some kind (VMware,
VirtualBox, etc.).
Also, the USB idea plays right into this, but there are probably a lot
of kinks for this particular desire.
The kiosk mode is something that I imagine would be useful _if_ we had a
virtual image, be it USB or Virtual.

Would it be useful to further define the differences between Kiosk mode,
USB, and Virtual Image?

So I guess that is my take on the priorities.

I'm open to feedback!


-Brad



_____________

The information contained in this message is proprietary and/or
confidential. If you are not the 
intended recipient, please: (i) delete the message and all copies; (ii)
do not disclose, 
distribute or use the message in any manner; and (iii) notify the sender
immediately. In addition, 
please be aware that any message addressed to our domain is subject to
archiving and review by 
persons other than the intended recipient. Thank you.
_____________

