OWASP Site Generator Refresh
towards Application Security Tool Benchmarking Environment
by Dmitry Kozlov
Project goal
To evolve OWASP Site Generator (OSG) to become a benchmarking environment for web application scanners.
This tool should generate source code of a working web application based on a number of inputs, such as the number of pages, types of pages, functions, security controls, and backend systems. The tool should allow specification of the types and number of vulnerabilities to embed in the application.
Objectives
Site Generator improvements:
• Enable OSG to build a working application instead of the existing dynamic stub approach.
• Enable OSG to generate web applications with different backends: ASP, Java, etc.
• Improve the OSG GUI.
• Enable the generated web application to log all requests received.
• Create a backend-independent library of web application building blocks: navigation elements and vulnerabilities.
Project contribution
• New OSG v2: generates source code for application, new GUI.
• Ability to generate .NET and JSP web applications.
• Library of vulnerabilities based on NIST and old OSG, library of navigational elements.
Status and Future Steps
Alpha, problems with reviewers, unfinished.
Unfinished:
• Testing and documenting
• Design of generated sites
Future work:
• Site “logic”: interconnected building blocks to perform, for example, second-order injections
• More interesting site templates