[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Dave Wichers dave.wichers at owasp.org
Wed Mar 25 15:48:40 UTC 2015

Can you make it deliverable on a VM or installable like WebGoat? I.e., there could be many copies of the web app not just one? If you do that, no problem at all.


And everything developed to build it is open source of course.




From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mike Goodwin
Sent: Wednesday, March 25, 2015 11:22 AM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?


Hello all,


All the OWASP projects I have looked at are either

*	Media projects (e.g. ASVS), or
*	Locally installed tools (e.g. ZAP)

Is it feasible do you think to have a project that is a web application? I am thinking about a collaborative threat modelling tool. It feels like it should be a web application rather than an installed application.


It seems like the cost of operating a secure multi-user web app with all the hosting, backup, availability and security responsibilities that come along with that would make it infeasible for an organisation like OWASP.


On the other hand, it seems odd that an organisation that is about web applications does not run any (other than the OWASP web site, obviously).


Thoughts welcome...






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/7feea025/attachment.html>

More information about the OWASP-Leaders mailing list