[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

johanna curiel curiel johanna.curiel at owasp.org
Wed Mar 25 17:00:28 UTC 2015


Webgoat It uses Mono and you can run it with a version of MS express web

On Wed, Mar 25, 2015 at 12:11 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Webgoat.net is open sourced. :) Not sure what language specifically, but
> it was written by jerry.hoff at owasp.org. There are several other
> webgoats...
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Mar 25, 2015, at 10:08 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>
> Hmm. Open source...
>
> I was going to use ASP.Net since that is what I'm best at. Would that be
> allowed? It is open source now. WebGoat.Net is .Net (obviously) so I
> assumed that was a precedent. The other 3rd party components I was thinking
> of so far are all open source.
>
> As for distributing on a VM or with an installer, I'd have to think about
> what that would mean. With my DevOps hat on, I already designed a
> multi-server, HA architecture :o)
>
> On Wed, Mar 25, 2015 at 3:48 PM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
>
>> Can you make it deliverable on a VM or installable like WebGoat? I.e.,
>> there could be many copies of the web app not just one? If you do that, no
>> problem at all.
>>
>>
>>
>> And everything developed to build it is open source of course.
>>
>>
>>
>> -Dave
>>
>>
>>
>> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
>> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Mike Goodwin
>> *Sent:* Wednesday, March 25, 2015 11:22 AM
>> *To:* owasp-leaders at lists.owasp.org
>> *Subject:* [Owasp-leaders] Fwd: Is it feasible to have an OWASP project
>> that is a web application?
>>
>>
>>
>> Hello all,
>>
>>
>>
>> All the OWASP projects I have looked at are either
>>
>>    - Media projects (e.g. ASVS), or
>>    - Locally installed tools (e.g. ZAP)
>>
>> Is it feasible do you think to have a project that is a web application?
>> I am thinking about a collaborative threat modelling tool. It feels like it
>> should be a web application rather than an installed application.
>>
>>
>>
>> It seems like the cost of operating a secure multi-user web app with all
>> the hosting, backup, availability and security responsibilities that come
>> along with that would make it infeasible for an organisation like OWASP.
>>
>>
>>
>> On the other hand, it seems odd that an organisation that is about web
>> applications does not run any (other than the OWASP web site, obviously).
>>
>>
>>
>> Thoughts welcome...
>>
>>
>>
>> Mike
>>
>>
>>
>>
>>
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/e207d4a7/attachment-0001.html>


More information about the OWASP-Leaders mailing list