OWASP Live CD 2008 - Summer of Code Project Wiki
The OWASP Live CD project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made two new releases:
- the Portugal release (Dec 12, 2008) and
- the AustinTerrier release (Feb 10, 2009)
Even with the Summer of Code and two releases complete, the project continues to add functionality and tools and to further polish the existing Live CD environment. Content for the OWASP Live CD is both on this site (documentation and downloads) and on the OWASP site.
Several sub-projects have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available, and work continues on making other versions of the project available, including a bootable USB, a portable VM installation, and an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.
For historical purposes, the original application for the SoC is available here for the curious.
Screenshots of the SoC release!
The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.
The project has several other goals going forward:
- Provide a showcase for great OWASP tools and documentation
- Provide the best, freely distributable application security tools in an easy to use package
- Ensure that the tools provided are as easy to use as possible.
- Continue to add documentation and tools to the OWASP Live CD
- Continue to document how to use the tools and how the tool modules were created.
- Align the tools provided with the OWASP Testing Guide
There were also some design goals. In particular, this should be a live CD which is:
- easy for the users to keep updated
- easy for the project lead to keep updated
- easy to produce releases (I'm thinking quarterly releases going forward)
- focused on just web application testing - not general Pen Testing.
(For general Pen Testing, the gold standard is Backtrack.)
Original SoC Goals are still available for the curious.
The project has successfully completed the Summer of Code and produced another release beyond the SoC release. See below.
Please grab the latest iso and give it a try.
Notes on the current release
- Named the Portugal release in honor of the OWASP Summit 2008.
- Has 16 Web Application tools installed
- w3af & Web Goat Manager are the most recent additions
- Full list on the Current Tool List page
- 621 MB of Live CD goodness
The AustinTerrier release ISO is currently available: owasp-livecd-AustinTerrier-Feb2009.iso.
Don't forget to check the MD5 sum!
MD5: 4831a2d2f113216e8f4c8df90a1d316f owasp-livecd-AustinTerrier-Feb2009.iso or use the file md5sum.txt
Screenshots of the SoC release!
The Portugal release ISO is currently available: owasp-livecd-2008-Portugal.iso.
VMware and Virtual Box Installs
Don't forget to check those MD5 sums!! Nobody likes a bad download.
NOTE: For both VMware and Virtual Box, we are providing the hard drive file. This will allow you to configure the virtual machine appropriately for your hardware and software (Virtual Box, VMware Player/Server/ESX...). Parallels users should download the VMware install as Parallels will import VMware disks. We are in the process of documenting the setup procedures for each of these if you are not familiar with creating/configuring a new virtual machine.
How to increase the VMware drive size non-destructively.
In the near term, development is focused on completing the goals for the SoC project mentioned above. After the SoC ends, there are more plans for the Live CD which will be outlined in the Roadmap page.
The following general documentation exists:
- how I created the live CD
- Category:Making Modules
- Add modules to a running system
- Starting the SSH daemon on the Live CD
- Checking sources to avoid malicious modifications, bad downloads, etc
- How to increase the VMware drive size non-destructively.
Note there is also documentation for each module's creation on the Current Tool List and the Supporting Software List. Come to think of it, there are 300+ tools listed under Potential Tool List and the pages linked from there as well.
I also have a few ToDo lists:
Presentations on the OWASP Live CD
I gave a presentation on the OWASP Live CD at the local OWASP chapter on 2008-08-26. I've put the slides on the server in the following formats:
(Note: A bug in export to PPT causes some funky symbols to be inserted when a line ends with a close parenthesis. I didn't clean up the PPT file.)
Here's another presentation I gave on Open Source Tools at the local ISSA chapter. I have a few slides on the OWASP Live CD as well.
Also, I created a page covering all the tools I mentioned in the slides, with links, descriptions, etc.: Open Source Tools Supplement
Matt Tesauro - My background
Graphic design work on the Live CD was done by:
Check out her personal website http://www.creativesolve.com