The OWASP Foundation
http://www.owasp.org
Testing from the Cloud: Is the sky falling?
Matt Tesauro
OWASP Foundation Board Member, WTE Project Lead
“In between Jobs”
Soon to be at Rackspace
AppSec USA 2011
Who's this Matt guy anyway?
Broad IT background
Developer, DBA, Sys Admin, Pen Tester, Application Security professional, CISSP, CEH, RHCE, Linux+
Long history with Linux and Open Source
Contributor to many projects
Leader of OWASP Live CD / WTE
OWASP Foundation Board Member
OWASP WTE: A History
It all started that fine spring day...
It all started that summer...
It all started that summer...
• Current Release
  • OWASP WTE Sept 2011
• Previous Releases
  • OWASP WTE Feb 2011
  • OWASP WTE Beta Jan 2010
  • AppSecEU May 2009
  • AustinTerrier Feb 2009
  • Portugal Release Dec 2008
  • SoC Release Sept 2008
  • Beta1 and Beta2 releases during the SoC
Note: Not all of these had ISO, VirtualBox and VMware versions
Other fun facts
~5,094 GB of bandwidth since launch (Jul 2008)
Most downloads in 1 month = 81,607 (Mar 2009)
Overall downloads: 330,081 (as of 2009-10-05)
There's a new kid in town
OWASP WTE
Web Testing Environment
The project has grown to more than just a Live CD
VMware installs/appliances
VirtualBox installs
USB Installs
Training Environments
Cloud???
Add in the transition to Ubuntu/Debian and the possibilities are endless (plus the 26,000+ packages in the repos)
GOAL
Make application security tools and documentation easily available and easy to use
Complements OWASP's goal to make app security visible
Design goals
Easy for users to keep updated
Easy for project lead to keep updated
Easy to produce releases (more on this later)
Focused on just application security – not general pen testing
What's on WTE
29 “Significant” Tools Available
OWASP Tools:
WebScarab: a tool for performing all types of security testing on web apps and web services
WebGoat: an online training environment for hands-on learning about app sec
CAL9000: a collection of web app sec testing tools especially encoding/decoding
JBroFuzz: a web application fuzzer for requests being made over HTTP and/or HTTPS.
WSFuzzer: a fuzzer with HTTP based SOAP services as its main target
Wapiti: audits the security of web apps by performing "black-box" scans
DirBuster: a multi threaded Java app to brute force directory and file names
WebSlayer: A tool designed for brute-forcing web applications such as resource discovery, GET and POST fuzzing, etc
EnDe: An amazing collection of encoding and decoding tools as well as many other utilities
ZAP Proxy: A fork of the popular but moribund Paros Proxy
Zenmap
Paros
nmap
Wireshark
Firefox
Burp Suite
Grendel Scan
Nikto
sqlmap
SQL Brute
w3af
netcat
Httprint
Spike Proxy
Rat Proxy
Fierce Domain Scanner
Metasploit
tcpdump
Maltego CE
Tool groups on this slide: Other Proxies, Scanners, Duh, SQL-i, Others
Why is it different?
OWASP Documents
Testing Guide v2 & v3
CLASP and OpenSAMM
Top 10 for 2010
Top 10 for Java Enterprise Edition
AppSec FAQ
Books – tried to get all of them
CLASP, Top 10 2010, Top 10 + Testing + Legal, WebGoat and Web Scarab, Guide 2.0, Code Review
Others
WASC Threat Classification, OSSTMM 3.0 & 2.2
What is next?
Cloud-ifying WTE
Cloud Provider
Ubuntu / Debian Install
WTE Repository
Fun ensues
WTE Cloud - The 12 Step Program
Currently this is all manual
12 steps to get a fully-functional WTE
~30 minutes until you are logged in
Step 1: Get a cloud account
Step 2: Select Ubuntu/Debian
Step 3: Choose Name & RAM
Step 4: Start your server
Step 5: Install Desktop + WTE
Step 6: More installs
Add Repos & apt-get update
Ubuntu partners & WTE
Add a NX Server
ppa:freenx-team (plus a fix)
Add OWASP user
Start GDM
Step 7: NX Client setup
Step 8: Connect to WTE
Step 9: WTE ala Cloud
Step 10: Test Connectivity
Step 11: Test the Tools
Turn Cats into Dogs
Step 12: Check your bill
Cost Estimates
Estimated for 40 hours + 1 GB transfer = $4.98
Estimated for M-F by 24 hours + 1 GB transfer = $15.48
Estimated 30 days by 24 hours + 4 GB transfer = $88.32
Now what?
More Automation
Create a wte-cloud package
Wraps up all tools into 1 package
Make configuration steps into a script
Add to postinst for wte-cloud package
Get setup down to a single step
Ideally all in the wte-cloud package
Even More Automation
Python library to abstract away differences between multiple cloud provider APIs
Cloud Servers
Cloud Storage
Cloud Load balancers
Supports 24 different providers
More Options
Different desktop installs
Minimal
Baseline
Instant WebGoat in the sky
Internal Clouds
OpenStack, VMware, VirtualBox (headless)
Document, Document, Document
Document and post the current manual process (next week)
Create then document the Libcloud process
Tutorials for various providers
Problems
Current Issues
Yikes AMD64 CPU
sqlmap is missing a dependency
WTE Firefox is for i386
NX server is a bit tricky
The WTE theme gets lost
How can you get involved?
Join the OWASP mail list
Announcements are there – low traffic
Download an ISO or VM or Cloud instance
Complain or praise, suggest improvements
Submit a bug to the Google Code site
Suggest missing doc or links
Do a screencast of one of the tools
Suggest some cool new tool
Create a .deb package
Learn More...
OWASP Site
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
or just look on the OWASP project page (release quality)
http://www.owasp.org/index.php/Category:OWASP_Project
or Google “OWASP Live CD”
Download & Community Site
http://AppSecLive.org
Previously: http://mtesauro.com/livecd/
Why do I do this?
Questions?
http://www.sintel.org Independent film produced by the Blender Foundation using free and open software
Download it free at: Sintel