Gearin’ Up For 2010

Hey Everyone,

Here at AppSecLive.org, we’re gearing up for the New Year in a big way and I thought I’d take a few minutes to introduce myself and bring you, the AppSecLive.org community, up to date on what’s new in the world of the OWASP Live CD. And speaking of what’s new, I’ll bet you’re wondering who I am.

I’m Drew and I came aboard the OWASP Live CD project after attending a talk at the AppSec DC conference where Matt Tesauro and Brad Causey presented the existing Live CD and spoke about their plans for the coming year. At this talk, the guys spoke about wanting to shift over from a SLAX-based distribution to an Ubuntu-based distribution and outlined some of their goals with the new version of the Live CD. One of those goals they stressed was dovetailing the OWASP Live CD with the OWASP Testing Guide so that the tools on the Live CD and the test procedures in the Testing Guide more closely aligned, making it easier for you, the user, to be able to perform a web application security evaluation, while using the Testing Guide as a guide.
This really clicked with me, as I work as a contractor for the DoD, performing web security evaluations. If some of you don’t know, DISA creates “Checklists” for DoD entities to use as guidelines for testing different platforms and, in the case of web applications, DISA has specifically referenced the OWASP Testing Guide many times in their Web Application Security Checklist. I thought a chance to help shape the tools that could make that job easier was something I definitely wanted to get in on at the ground floor.

So, in November 2009, I got in touch with Brad and Matt, volunteering to help. Why? Because I thought it would be great to help out the OWASP community. And what better way for an ex-UNIX admin to pitch in than to help build a Live CD based on a Linux distribution? We’ve been having regular meetings since Thanksgiving and the new version of the distro has been coming together really well. I’ll be posting updates over the next few days detailing some of the concepts we’ve implemented (we’re not just about a Live CD anymore, folks) and some of the more aesthetic changes we’ve made in customizing our own Ubuntu-based Linux distribution.

Frankly, I’m excited to be a part of this effort and I really look forward to seeing all of our efforts come to fruition. When is that going to be? We’ll be clueing you in soon. Over the course of the next few weeks, we’ll have things ironed out enough to make some announcements and let you know release schedules and the like.

For now, just keep checking back to catch some of the new OWASP eye candy we’re trying out. Will all of it make it into the new Web Testing Environment? Probably not.

But you’ve gotta check out what we’ve got so far. It is ... Off. The. Hook.

-Drew

Yo!

Welcome aboard Drew!! We sure welcome the help and appreciate having your talent on the project.
 
-Brad