[GPC] School project: extending existing OWASP tool / extending peachfuzz in SoC

Jason Li jason.li at owasp.org
Fri May 29 17:07:32 EDT 2009


We're grateful for your participation and I'm glad that you have
decided to contribute to the OWASP Community.

I will ask the other committee members to think about this a little
more, but off the top of my head, here are some projects that I think
have a strong project leadership that would be able to help mentor you
through participation:

- ESAPI Project: your team could implement the Enterprise Security API
for a popular language that doesn't not yet have an implementation
(e.g., Ruby on Rails)
- AntiSamy Project: again, your team could implement a version of the
AntiSamy project in a popular web language for which there isn't yet a
version (e.g., Python, Perl, etc)
- WebGoat Project: your team could develop additional education
modules for new and cutting edge web security concerns (e.g., AJAX

There are also some projects that have been abandoned by their owners
which your team could adopt and bring up to date. We're currently
working on a list of such projects.

There are many other projects out there that I'm sure would welcome
your help. Ultimately though, it will be up to the current project
leader and also dependent on the modularity of their project in order
for your contributions to be distinguishable according to your
school's requirements.

What is the time frame that you need to identify a project by?

You are welcome to apply to SoC, but you should be aware that we are
currently in the process of overhauling the SoC program. The policies
and grants that have been associated with SoC in the past are subject
to change very soon.

Please feel free to reach out to me if you have questions.


On Fri, May 29, 2009 at 4:54 PM, Martin Zember <martin.zember at matfyz.cz> wrote:
> Vážení Committee (Dear Committee),
> we are a group of students and looking for an idea what kind of a
> software project to make.
> It ought to be a team project with a scope of max. 9 months (our team
> has 5 members, each of us will work about 1 day per week). There will
> be no whitepaper at the end as the output, a research is not expected,
> rather design & implementation.
> We have a vision to do something which is related to
> vulnerability-research (e.g. to make a fuzzing framework). Currently,
> the most promising looks the extending of the Peach fuzzing framework.
> Tom Brennan suggested we could advance some of the existing OWASP
> tools and also apply for SoC. We looked through the list of existing
> OWASP tools, the site of the current and past SoC and the Request for
> Proposal 2008 for inspiration.
> We would like to hear any suggestions, which project it would be
> desired to extend. Since we expect that you have the best overview of
> all projects, we wanted to ask you
> (It has to be clear, which part of the tool is ours, since it will be
> evaluated in the school and documented as well).
> In case we will work with the Peach, is it possible to apply to SoC?
> Thank you,
> Martin Žember
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee

More information about the Global-projects-committee mailing list