OWASP Site Generator Refresh
  • towards Application Security Tool Benchmarking Environment
  • by Dmitry Kozlov
Project goal

To evolve the OWASP Site Generator (OSG) into a benchmarking environment for web application scanners.

This tool should generate source code of a working web application based on a number of inputs, such as the number of pages, types of pages, functions, security controls, and backend systems. The tool should allow specification of the types and number of vulnerabilities to embed in the application.

Objectives

Site Generator improvements:

  • Enable OSG to build a working application instead of the existing dynamic stub approach.
  • Enable OSG to generate web applications with different backends: ASP, Java, etc.
  • Improve the OSG GUI.
  • Enable the generated web application to log all requests it receives.
  • Create a backend-independent library of web application building blocks: navigation elements and vulnerabilities.
Project contribution
  • New OSG v2: generates source code for the application, new GUI.
  • Ability to generate .NET and JSP web applications.
  • Library of vulnerabilities based on NIST and the old OSG, and a library of navigational elements.
Status and Future Steps

Alpha, problems with reviewers, unfinished.

UNFINISHED:

  • Testing and documenting
  • Design of generated sites

Future work:

  • Site “logic”: interconnected building blocks to perform, for example, second-order injections
  • More interesting site templates