1 / 13

OWASP Site Generator Refresh

OWASP Site Generator Refresh. towards Application Security Tool Benchmarking Environment by Dmitry Kozlov. Project goal. To evolve OWASP Site Generator (OSG) to become benchmarking environment for web application scanners.

rafiki
Download Presentation

OWASP Site Generator Refresh

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OWASP Site Generator Refresh • towards Application Security Tool Benchmarking Environment • by Dmitry Kozlov

  2. Project goal To evolve OWASP Site Generator (OSG) to become benchmarking environment for web application scanners. This tool should generate source code of a working web application based on a number of inputs, such as the number of pages, types of pages, functions, security controls, and backend systems. The tool should allow specification of the types and number of vulnerabilities to embed in the application.

  3. Objectives Site Generator improvements: • Enable OSG to build working application instead of existing dynamic stub approach. • Enable OSG to generate web application with different backends: ASP, Java, etc. • Improve OSG GUI. • Enable generated web application to log all requests received. • Create backend-independent library of web application building blocks: navigation elements and vulnerabilities.

  4. Project contribution • New OSG v2: generates source code for application, new GUI. • Ability to generate .Net and JSP web applications. • Library of vulnerabilities based on NIST and old OSG, library of navigational elements.

  5. Status and Future Steps Alfa, problems with reviewers, unfinished. UNFINISHED: • Testing and documenting • Design of generated sites Future work: • Site “logic”, interconnected building blocks to perform for example second order injections • More interesting site templates

More Related