Main Page

From OWASP Live CD 2008

OWASP Live CD 2008 - Summer of Code Project Wiki

Overview

The OWASP Live CD project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made two new releases:

  • the Portugal release (Dec 12, 2008) and
  • the AustinTerrier release (Feb 10, 2009)

Even with the Summer of Code and two releases complete, the project continues to add functionality, tools and further polish the existing Live CD environment. Content for the OWASP Live CD is both on this site (documentation and downloads) and on the OWASP site.

Several sub-projects have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available, and work continues on making other versions of the project available, including a bootable USB, a portable VM installation, and an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.

For historical purposes, the original application for the SoC is available here for the curious.

Screenshots of the SoC release!

Project Goals

The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.

The project has several other goals going forward:

  1. Provide a showcase for great OWASP tools and documentation
  2. Provide the best, freely distributable application security tools in an easy to use package
  3. Ensure that the tools provided are as easy to use as possible.
  4. Continue to add documentation and tools to the OWASP Live CD
  5. Continue to document how to use the tools and how the tool modules were created.
  6. Align the tools provided with the OWASP Testing Guide

There were also some design goals. In particular, this should be a live CD which is:

  • easy for the users to keep updated
  • easy for the project lead to keep updated
  • easy to produce releases (I'm thinking quarterly releases going forward)
  • focused on just web application testing - not general Pen Testing.

(For general Pen Testing, the gold standard is Backtrack.)

Original SoC Goals are still available for the curious.

Project Status

The project has successfully completed the Summer of Code and produced another release beyond the SoC release. See below.
Please grab the latest iso and give it a try.

Feedback

Preferably, send feedback to our OWASP mail list or directly to the project lead. (See the project page at OWASP for contact info.)

Notes on the current release

  • Named the Portugal release in honor of the OWASP Summit 2008.
  • Has 16 Web Application tools installed
    • w3af & Web Goat Manager are the most recent additions
    • Full list on the Current Tool List page
  • 621 MB of Live CD goodness

Features

Downloads

ISO Images

Latest Release
The AustinTerrier release ISO is currently available: owasp-livecd-AustinTerrier-Feb2009.iso

Don't forget to check the MD5 sum!
MD5: 4831a2d2f113216e8f4c8df90a1d316f owasp-livecd-AustinTerrier-Feb2009.iso or use the file md5sum.txt

Screenshots of the SoC release!

The Portugal release ISO is currently available: owasp-livecd-2008-Portugal.iso

VMware and Virtual Box Installs

Austin Terrier VMware Install: owasp-livecd-AustinTerrier-Feb2009.vmdk.rar
MD5: f2860c95bcfdb9a313d09a4401948157 owasp-livecd-AustinTerrier-Feb2009.vmdk.rar or use the file md5sum.txt

Austin Terrier Virtual Box Install: owasp-livecd-AustinTerrier-Feb2009.vdi.rar
MD5: 99e2de8103107d4e6888d40c5c0e20b8 owasp-livecd-AustinTerrier-Feb2009.vdi.rar or use the file md5sum.txt

Don't forget to check those MD5 sums!! Nobody likes a bad download.

NOTE: For both VMware and Virtual Box, we are providing the hard drive file. This will allow you to configure the virtual machine appropriately for your hardware and software (Virtual Box, VMware Player/Server/ESX...). Parallels users should download the VMware install as Parallels will import VMware disks. We are in the process of documenting the setup procedures for each of these if you are not familiar with creating/configuring a new virtual machine.

How to increase the VMware drive size non-destructively.

News

For the latest news and updates, please join our OWASP mail list or look at the archives.

Future Development

In the near term, development is focused on completing the goals for the SoC project mentioned above. After the SoC ends, there are more plans for the Live CD which will be outlined in the Roadmap page.

Documentation

The following general documentation exists:

Note there is also documentation for each module's creation on the Current Tool List and the Supporting Software List. Come to think of it, there are 300+ tools listed under Potential Tool List and the pages linked from there as well.

I also have a few ToDo lists:


Presentations on the OWASP Live CD

I gave a presentation on the OWASP Live CD at the local OWASP chapter on 2008-08-26. I've put the slides on the server in the following formats:

(Note: A bug in export to PPT causes some funky symbols to be inserted when a line ends with a close parenthesis. I didn't clean up the PPT file.)

Here's another presentation I gave on Open Source Tools at the local ISSA chapter. I have a few slides on the OWASP Live CD as well.

Also, I created a page covering all the tools I mentioned in the slides, with links, descriptions, etc.: Open Source Tools Supplement

Project Lead

Matt Tesauro - My background

Project Reviewers

Dustin Dykes
Kent Poots

Project Contributors

Graphic design work on the Live CD was done by:

Nishi Kumar
(Ugly looking email address is all Matt's fault).

Check out her personal website http://www.creativesolve.com
