[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Jack Mannino jack.mannino at owasp.org
Wed Mar 25 17:22:40 UTC 2015


Docker/Vagrant also makes life pretty easy for spinning things up painlessly.

Railsgoat has support for this type of setup, if you're curious how to do it.

https://github.com/OWASP/railsgoat

Sent from my iPhone

> On Mar 25, 2015, at 1:09 PM, Jerry Hoff <jerry at owasp.org> wrote:
> 
> And it's already included on the OWASP broken web application VM :)
> 
> --
> Jerry Hoff
> jerry at owasp.com
> @jerryhoff
> 
>> Il giorno 25/mar/2015, alle ore 13:00, johanna curiel curiel <johanna.curiel at owasp.org> ha scritto:
>> 
>> Webgoat It uses Mono and you can run it with a version of MS express web
>> 
>>> On Wed, Mar 25, 2015 at 12:11 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> Webgoat.net is open sourced. :) Not sure what language specifically, but it was written by jerry.hoff at owasp.org. There are several other webgoats...
>>> 
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>> 
>>>> On Mar 25, 2015, at 10:08 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>>>> 
>>>> Hmm. Open source...
>>>> 
>>>> I was going to use ASP.Net since that is what I'm best at. Would that be allowed? It is open source now. WebGoat.Net is .Net (obviously) so I assumed that was a precedent. The other 3rd party components I was thinking of so far are all open source.
>>>> 
>>>> As for distributing on a VM or with an installer, I'd have to think about what that would mean. With my DevOps hat on, I already designed a multi-server, HA architecture :o)
>>>> 
>>>>> On Wed, Mar 25, 2015 at 3:48 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
>>>>> Can you make it deliverable on a VM or installable like WebGoat? I.e., there could be many copies of the web app not just one? If you do that, no problem at all.
>>>>> 
>>>>>  
>>>>> 
>>>>> And everything developed to build it is open source of course.
>>>>> 
>>>>>  
>>>>> 
>>>>> -Dave
>>>>> 
>>>>>  
>>>>> 
>>>>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mike Goodwin
>>>>> Sent: Wednesday, March 25, 2015 11:22 AM
>>>>> To: owasp-leaders at lists.owasp.org
>>>>> Subject: [Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?
>>>>> 
>>>>>  
>>>>> 
>>>>> Hello all,
>>>>> 
>>>>>  
>>>>> 
>>>>> All the OWASP projects I have looked at are either
>>>>> 
>>>>> Media projects (e.g. ASVS), or
>>>>> Locally installed tools (e.g. ZAP)
>>>>> Is it feasible do you think to have a project that is a web application? I am thinking about a collaborative threat modelling tool. It feels like it should be a web application rather than an installed application.
>>>>> 
>>>>>  
>>>>> 
>>>>> It seems like the cost of operating a secure multi-user web app with all the hosting, backup, availability and security responsibilities that come along with that would make it infeasible for an organisation like OWASP.
>>>>> 
>>>>>  
>>>>> 
>>>>> On the other hand, it seems odd that an organisation that is about web applications does not run any (other than the OWASP web site, obviously).
>>>>> 
>>>>>  
>>>>> 
>>>>> Thoughts welcome...
>>>>> 
>>>>>  
>>>>> 
>>>>> Mike
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/0d1636ce/attachment-0001.html>


More information about the OWASP-Leaders mailing list