[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Jerry Hoff jerry at owasp.org
Wed Mar 25 17:09:30 UTC 2015


And it's already included on the OWASP broken web application VM :)

--
Jerry Hoff
jerry at owasp.com
@jerryhoff

> Il giorno 25/mar/2015, alle ore 13:00, johanna curiel curiel <johanna.curiel at owasp.org> ha scritto:
> 
> Webgoat It uses Mono and you can run it with a version of MS express web
> 
>> On Wed, Mar 25, 2015 at 12:11 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> Webgoat.net is open sourced. :) Not sure what language specifically, but it was written by jerry.hoff at owasp.org. There are several other webgoats...
>> 
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On Mar 25, 2015, at 10:08 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>>> 
>>> Hmm. Open source...
>>> 
>>> I was going to use ASP.Net since that is what I'm best at. Would that be allowed? It is open source now. WebGoat.Net is .Net (obviously) so I assumed that was a precedent. The other 3rd party components I was thinking of so far are all open source.
>>> 
>>> As for distributing on a VM or with an installer, I'd have to think about what that would mean. With my DevOps hat on, I already designed a multi-server, HA architecture :o)
>>> 
>>>> On Wed, Mar 25, 2015 at 3:48 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
>>>> Can you make it deliverable on a VM or installable like WebGoat? I.e., there could be many copies of the web app not just one? If you do that, no problem at all.
>>>> 
>>>>  
>>>> 
>>>> And everything developed to build it is open source of course.
>>>> 
>>>>  
>>>> 
>>>> -Dave
>>>> 
>>>>  
>>>> 
>>>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mike Goodwin
>>>> Sent: Wednesday, March 25, 2015 11:22 AM
>>>> To: owasp-leaders at lists.owasp.org
>>>> Subject: [Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?
>>>> 
>>>>  
>>>> 
>>>> Hello all,
>>>> 
>>>>  
>>>> 
>>>> All the OWASP projects I have looked at are either
>>>> 
>>>> Media projects (e.g. ASVS), or
>>>> Locally installed tools (e.g. ZAP)
>>>> Is it feasible do you think to have a project that is a web application? I am thinking about a collaborative threat modelling tool. It feels like it should be a web application rather than an installed application.
>>>> 
>>>>  
>>>> 
>>>> It seems like the cost of operating a secure multi-user web app with all the hosting, backup, availability and security responsibilities that come along with that would make it infeasible for an organisation like OWASP.
>>>> 
>>>>  
>>>> 
>>>> On the other hand, it seems odd that an organisation that is about web applications does not run any (other than the OWASP web site, obviously).
>>>> 
>>>>  
>>>> 
>>>> Thoughts welcome...
>>>> 
>>>>  
>>>> 
>>>> Mike
>>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/1f4ac99c/attachment.html>


More information about the OWASP-Leaders mailing list