[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Mike Goodwin mike.goodwin at owasp.org
Wed Mar 25 16:06:34 UTC 2015


Hmm. Open source...

I was going to use ASP.Net since that is what I'm best at. Would that be
allowed? It is open source now. WebGoat.Net is .Net (obviously) so I
assumed that was a precedent. The other 3rd party components I was thinking
of so far are all open source.

As for distributing on a VM or with an installer, I'd have to think about
what that would mean. With my DevOps hat on, I already designed a
multi-server, HA architecture :o)

On Wed, Mar 25, 2015 at 3:48 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> Can you make it deliverable on a VM or installable like WebGoat? I.e.,
> there could be many copies of the web app not just one? If you do that, no
> problem at all.
>
>
>
> And everything developed to build it is open source of course.
>
>
>
> -Dave
>
>
>
> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Mike Goodwin
> *Sent:* Wednesday, March 25, 2015 11:22 AM
> *To:* owasp-leaders at lists.owasp.org
> *Subject:* [Owasp-leaders] Fwd: Is it feasible to have an OWASP project
> that is a web application?
>
>
>
> Hello all,
>
>
>
> All the OWASP projects I have looked at are either
>
>    - Media projects (e.g. ASVS), or
>    - Locally installed tools (e.g. ZAP)
>
> Is it feasible do you think to have a project that is a web application? I
> am thinking about a collaborative threat modelling tool. It feels like it
> should be a web application rather than an installed application.
>
>
>
> It seems like the cost of operating a secure multi-user web app with all
> the hosting, backup, availability and security responsibilities that come
> along with that would make it infeasible for an organisation like OWASP.
>
>
>
> On the other hand, it seems odd that an organisation that is about web
> applications does not run any (other than the OWASP web site, obviously).
>
>
>
> Thoughts welcome...
>
>
>
> Mike
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/e2a67319/attachment-0001.html>


More information about the OWASP-Leaders mailing list