[Owasp-live-cd-2008-project] OWASP LiveCD direction
OWASP Live CD 2008 Project
owasp-live-cd-2008-project at lists.owasp.org
Mon Aug 11 11:33:12 EDT 2008
I read all the info you posted, and went through the same process when I
started this a couple years ago. I think you have a good project and will
help anyway I can. However, the version I'm working on will continue to be
in Morphix, as this is the version I'm comfortable with after spending a lot
of time on the other distros.
Morphix has the ability to create *modules* and has a very similar
environment to build as SLAX but without windows support. Personally, I
prefer Debian and the CHROOT process of morphix updating.
The version I'm releasing at the OWASP conference will not be based on KDE,
and the goal is to make it smaller with more tools. I agree that app
security is the focus and OWASP is the resource, but I will continue to
include required network testing tools, and other app tools that I feel are
important. The reasoning behind this is that several testers use the CD to
perform app tests, and some infrastructure tools are generally required.
This way, you don't have to switch over to BackTrack or other tool to look
at the network side.
I will be removing other tools like VOIP, RFID, wireless, etc and merging
this into another version not related to OWASP.
I will also be removing any ISECOM material from the LiveCD as I don't see
the value in this anymore. This will be replaced with WASC material that is
The old version has been downloaded 30k+ times since 2006, so there are a
lot of users taking interest in the LiveCD project(s). I hope that we can
keep these project(s) moving forward.
The problem is that it takes a lot of time to support the LiveCD, so there
has traditionally been some down-time unless there is a sponsored project
underway for the LiveCD.
From: Matt Tesauro [mailto:mtesauro at gmail.com]
Sent: Friday, August 01, 2008 10:14 AM
To: josh at packetfocus.com
Cc: pcoimbra at owasp.org; tomb at owasp.org; dave.wichers at owasp.org;
dinis.cruz at owasp.org; OWASP Live CD 2008
Subject: Re: OWASP LiveCD direction
I won't speak for OWASP - that's definitely not my place but I
can speak for my involvement with the SoC. I heard about the SoC in
one of the local Austin OWASP chapter meetings. Looking of the list
of prioritized projects , I saw the Live CD and felt I was
particularly well suited to that project. I submitted an application
for the Live CD project . My application was selected as a SoC
project for 2008.
I started work and looked at the 2007 Live CD as a reference .
I decided to go with SLAX and not keep with the distro from the
previous Live CD. I've detailed those reasons on the projects
documentation wiki . I believe I've made good progress on the current
SoC project - a sentiment echoed by my reviewers on the project page .
Beyond the SoC projects completion, I've got several ideas of how
to augment the Live CD which are possible due to the modular nature of
SLAX. I've also got some ideas to integrate the Live CD with other
OWASP projects. I hope to have those ideas outlined on the project
Wiki's Roadmap page by the weekends end .
The last few weeks have been insanely busy for me (day job +
freelance work + several family visits) so the project has been a bit
stagnant for that period. I'm still on track to make the SoC deadline
but to ensure I get the best product out of the door, I've put in for a
weeks vacation in August which will be used to complete and polish the
I believed that the previous Live CD project was dormant due to
it being listed as a SoC 2008 prioritized project. I apologize for not
contacting you earlier but I assumed you moved on to other things
(PacketFocus LLC). That being the case, impact on your work was not
part of my decision to migrate to SLAX. Good luck on your presentation
at OWASP New York. I'd be interested in the presentation if you're
willing to share as I wont' be able to attend.
-- Matt Tesauro
First Reviewer's Assessment at 50%:
Second Reviewer's Assessment at 50%:
Joshua Perrymon wrote:
> Hey Paulo,
> I wanted to contact you regarding the direction of the OWASP liveCD.
> Background: Sometime in 2006 I contacted OWASP regarding the creation of
> a LiveCD. I was in Australia at the time doing pentests and saw that
> there was no LiveCD that focused on App Security. After several emails I
> was given the OK and started developing the LiveCD nights and weekends.
> Just before the first version was finished, I got SpoC sponsorship for
> the first version of the LiveCD. After completion, I got AoC
> sponsorship and completed the second version.
> I have been busy starting this new company and noticed the new LiveCD
> project under current sponsorship
> I will be releasing a new version of the LiveCD at the OWASP conf in NYC
> during my talk. Don't get me wrong, I am an avid supporter of OWASP, and
> by no means want to get in the way of progress. But I would like to
> maintain some level of involvement in the LiveCD project(s). The
> current sponsored version has been converted from Morphix to Slax so if
> I continue down that road with my build, I will have to redesign the
> entire process I have developed.
> If we need to keep and maintain two separate versions I'm fine with that
> as well. Please advise on moving forward.
> Joshua Perrymon, CEH, OPST, OPSA
> CEO PacketFocus LLC
> Josh at packetfocus.com <mailto:Josh at packetfocus.com>
> www.packetfocus.com <http://www.packetfocus.com/>
> President Alabama OWASP Chapter www.owasp.org <http://www.owasp.org/>
> Selected for "Top 5 Coolest hacks of 2007" Dark Reading/ Forbes.com
More information about the Owasp-live-cd-2008-project