[Owasp-leaders] OWASP Live CD - Coming to a university text near you

Matt Tesauro mtesauro at gmail.com
Wed Apr 8 14:27:21 EDT 2009


James Walden wrote:
>> Excellent news!  Thanks for letting me know about it and please let me
> know if there is
>> anything missing from the OWASP Live CD which would assist your
> instruction.
> 
> The version of SQLix on the CD is broken.  It cannot accept any command
> line parameters.  
Interesting.  This hasn't been reported to date.  Thanks for the
feedback.  I'll look into why that is and get a new module out.

The LiveCD version of w3af often crashes before
> finishing a scan.  
When I was doing the latest release, w3af was pushing hard for the 1.0
release and any of the svn releases at the time were less stable than
what was currently on there.  w3af just announced 1.0 rc2 so hopefully
the next CD release won't have those issues.  I also noted that w3af,
Grendel and Paros can freeze when spidering abnormally large sites.  I
happen to know of a site with 8 GB+ of static content that will allow me
to scan it.  Crawling that site kills any automated scanner I've tried.

My students installed the latest versions of both
> tools so that they could use them.
Did the students use the update script for w3af?  The installed version
is a direct pull from SVN so it should be easily updated.  I've planned
another option to the w3af update script which allows the user to revert
to the SVN release that 'shipped' with the Live CD so SVN updates can be
reversed.

Thanks again for the terrific feedback.  If you or your students have
other issues, please either post them to the OWASP Live CD list or to me
directly.  This is what it takes to get the Live CD that much better.

If you have further feedback, lets take this off list or over the the
OWASP Live CD list as this is straying a bit off topic.

-- Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://mtesauro.com/livecd/ - Documentation Wiki
Took this off list since its Live CD specific.

> 
> James Walden, Ph.D.
> Dept. of Computer Science
> Northern Kentucky University
> http://faculty.cs.nku.edu/~waldenj
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list