[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Eoin Keary eoin.keary at owasp.org
Wed Mar 25 19:43:02 UTC 2015


I really like railsgoat as a training aid, coupled with DVWA webgoat (Java) Dev edition.


Eoin Keary
BCC Risk Advisory - edgescan
CTO


> On 25 Mar 2015, at 17:22, Jack Mannino <jack.mannino at owasp.org> wrote:
> 
> Docker/Vagrant also makes life pretty easy for spinning things up painlessly.
> 
> Railsgoat has support for this type of setup, if you're curious how to do it.
> 
> https://github.com/OWASP/railsgoat
> 
> Sent from my iPhone
> 
>> On Mar 25, 2015, at 1:09 PM, Jerry Hoff <jerry at owasp.org> wrote:
>> 
>> And it's already included on the OWASP broken web application VM :)
>> 
>> --
>> Jerry Hoff
>> jerry at owasp.com
>> @jerryhoff
>> 
>>> On 25 Mar 2015, at 13:00, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>> 
>>> Webgoat It uses Mono and you can run it with a version of MS express web
>>> 
>>>> On Wed, Mar 25, 2015 at 12:11 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>> Webgoat.net is open sourced. :) Not sure what language specifically, but it was written by jerry.hoff at owasp.org. There are several other webgoats...
>>>> 
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>> 
>>>>> On Mar 25, 2015, at 10:08 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>>>>> 
>>>>> Hmm. Open source...
>>>>> 
>>>>> I was going to use ASP.Net since that is what I'm best at. Would that be allowed? It is open source now. WebGoat.Net is .Net (obviously) so I assumed that was a precedent. The other 3rd party components I was thinking of so far are all open source.
>>>>> 
>>>>> As for distributing on a VM or with an installer, I'd have to think about what that would mean. With my DevOps hat on, I already designed a multi-server, HA architecture :o)
>>>>> 
>>>>>> On Wed, Mar 25, 2015 at 3:48 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
>>>>>> Can you make it deliverable on a VM or installable like WebGoat? I.e., there could be many copies of the web app not just one? If you do that, no problem at all.
>>>>>>
>>>>>> And everything developed to build it is open source of course.
>>>>>>
>>>>>> -Dave
>>>>>>
>>>>>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mike Goodwin
>>>>>> Sent: Wednesday, March 25, 2015 11:22 AM
>>>>>> To: owasp-leaders at lists.owasp.org
>>>>>> Subject: [Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> All the OWASP projects I have looked at are either
>>>>>>
>>>>>> - Media projects (e.g. ASVS), or
>>>>>> - Locally installed tools (e.g. ZAP)
>>>>>>
>>>>>> Is it feasible do you think to have a project that is a web application? I am thinking about a collaborative threat modelling tool. It feels like it should be a web application rather than an installed application.
>>>>>>
>>>>>> It seems like the cost of operating a secure multi-user web app with all the hosting, backup, availability and security responsibilities that come along with that would make it infeasible for an organisation like OWASP.
>>>>>>
>>>>>> On the other hand, it seems odd that an organisation that is about web applications does not run any (other than the OWASP web site, obviously).
>>>>>>
>>>>>> Thoughts welcome...
>>>>>>
>>>>>> Mike
>>>>>>
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 