[Owasp-live-cd-2008-project] OWASP LiveCD direction

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Mon Aug 11 11:33:12 EDT 2008


Hey Matt,

I read all the info you posted, and went through the same process when I
started this a couple years ago. I think you have a good project and will
help any way I can. However, the version I'm working on will continue to be
in Morphix, as this is the version I'm comfortable with after spending a lot
of time on the other distros.

Morphix has the ability to create *modules* and has a very similar
environment to build as SLAX but without Windows support. Personally, I
prefer Debian and the CHROOT process of Morphix updating.

The version I'm releasing at the OWASP conference will not be based on KDE,
and the goal is to make it smaller with more tools. I agree that app
security is the focus and OWASP is the resource, but I will continue to
include required network testing tools, and other app tools that I feel are
important. The reasoning behind this is that several testers use the CD to
perform app tests, and some infrastructure tools are generally required.
This way, you don't have to switch over to BackTrack or another tool to look
at the network side.

I will be removing other tools like VOIP, RFID, wireless, etc. and merging
this into another version not related to OWASP.

I will also be removing any ISECOM material from the LiveCD as I don't see
the value in this anymore. This will be replaced with WASC material that is
actually usable.

The old version has been downloaded 30k+ times since 2006, so there are a
lot of users taking interest in the LiveCD project(s). I hope that we can
keep these project(s) moving forward.
The problem is that it takes a lot of time to support the LiveCD, so there
has traditionally been some down-time unless there is a sponsored project
underway for the LiveCD. 

JP


-----Original Message-----
From: Matt Tesauro [mailto:mtesauro at gmail.com] 
Sent: Friday, August 01, 2008 10:14 AM
To: josh at packetfocus.com
Cc: pcoimbra at owasp.org; tomb at owasp.org; dave.wichers at owasp.org;
dinis.cruz at owasp.org; OWASP Live CD 2008
Subject: Re: OWASP LiveCD direction

Josh,

I won't speak for OWASP - that's definitely not my place but I
can speak for my involvement with the SoC.  I heard about the SoC in
one of the local Austin OWASP chapter meetings [1].  Looking at the list
of prioritized projects [2], I saw the Live CD and felt I was
particularly well suited to that project.  I submitted an application
for the Live CD project [2].  My application was selected as a SoC
project for 2008.

I started work and looked at the 2007 Live CD as a reference [3].
I decided to go with SLAX and not keep with the distro from the
previous Live CD.  I've detailed those reasons on the project's
documentation wiki [5]. I believe I've made good progress on the current
SoC project - a sentiment echoed by my reviewers on the project page [6].

Beyond the SoC project's completion, I've got several ideas of how
to augment the Live CD which are possible due to the modular nature of
SLAX.  I've also got some ideas to integrate the Live CD with other
OWASP projects.  I hope to have those ideas outlined on the project
Wiki's Roadmap page by the weekend's end [7].

The last few weeks have been insanely busy for me (day job +
freelance work + several family visits) so the project has been a bit
stagnant for that period.  I'm still on track to make the SoC deadline
but to ensure I get the best product out of the door, I've put in for a
week's vacation in August which will be used to complete and polish the
Live CD.

I believed that the previous Live CD project was dormant due to
it being listed as a SoC 2008 prioritized project.  I apologize for not
contacting you earlier but I assumed you moved on to other things
(PacketFocus LLC).  That being the case, impact on your work was not
part of my decision to migrate to SLAX.  Good luck on your presentation
at OWASP New York.  I'd be interested in the presentation if you're
willing to share as I won't be able to attend.

-- Matt Tesauro

[1] http://www.owasp.org/index.php/Austin

[2] http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List

[3] http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project

[4] https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

[5] http://mtesauro.com/livecd/index.php?title=Why_SLAX

[6] http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project

First Reviewer's Assessment at 50%:
http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_-_50_Review_-_First_Reviewer_-_C

Second Reviewer's Assessment at 50%:
http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_50_Review_Second_Review_E

[7] http://mtesauro.com/livecd/index.php?title=Roadmap

Joshua Perrymon wrote:
> Hey Paulo,
> 
> I wanted to contact you regarding the direction of the OWASP liveCD.
> 
> Background: Sometime in 2006 I contacted OWASP regarding the creation of 
> a LiveCD. I was in Australia at the time doing pentests and saw that 
> there was no LiveCD that focused on App Security. After several emails I 
> was given the OK and started developing the LiveCD nights and weekends. 
> Just before the first version was finished, I got SpoC sponsorship for
> the first version of the LiveCD. After completion, I got AoC
> sponsorship and completed the second version.
> 
> I have been busy starting this new company and noticed the new LiveCD 
> project under current sponsorship 
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project.
> 
> I will be releasing a new version of the LiveCD at the OWASP conf in NYC 
> during my talk. Don't get me wrong, I am an avid supporter of OWASP, and 
> by no means want to get in the way of progress. But I would like to 
> maintain some level of involvement in the LiveCD project(s). The
> current sponsored version has been converted from Morphix to Slax so if 
> I continue down that road with my build, I will have to redesign the 
> entire process I have developed.
> 
> If we need to keep and maintain two separate versions I'm fine with that 
> as well. Please advise on moving forward.
> 
> JP 
> 
> Joshua Perrymon, CEH, OPST, OPSA
> CEO PacketFocus LLC
> Josh at packetfocus.com <mailto:Josh at packetfocus.com>
> 1.877.PKT.FOCUS
> 1.205.994.6573
> www.packetfocus.com <http://www.packetfocus.com/>
> 
> President Alabama OWASP Chapter www.owasp.org <http://www.owasp.org/>
> Selected for "Top 5 Coolest hacks of 2007" Dark Reading/ Forbes.com
> www.linkedin.com/in/packetfocus
> 




