OWASP O2 Platform

The OWASP O2 Platform is an OWASP Project which is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile. The objective is to 'Automate Application Security Knowledge and Workflows"
To gain a better understanding of what is O2? start with this presentation and then read this presentation [http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/O2%20Modules%20Presentation%20V1.0.pdf OWASP O2 Platform Modules]
The OWASP O2 Website is hosted at the OWASP WIKI: http://www.owasp.org/index.php/OWASP_O2_Platform and the code is hosted at Google Code: http://code.google.com/p/o2platform/
History
Originally O2 (OunceOpen) originated from OunceLabs Advanced Research Team (ART) work, and aims to push to the limit the power of multiple Static Analysis engines.
These tools have been developed by Security Professionals FOR security professionals, and are designed to automate the security consultant's brain
External (to OWASP) O2 website
O2 has a sister (to OWASP) website which contains additional documentation, downloads and O2-related blogs: http://www.o2-ounceopen.com
===Try O2!===
Download the latest version of the Binaries, Installers or Source Code (from Files (Binaries, Source and Demos))
* Binaries: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_Bin_O2_Binaries%20%2009-Nov-09.zip _Bin_(O2_Binaries) 09-Nov-09.zip]
* Source Code: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip _SourceCode_O2 09-Nov-09.zip]
* MSI Installers: [http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip _O2_Installers 09-Nov-09.zip]
Or can install the most commonly used O2 Modulesdirectly from the web (using Click Once) at http://deploy.o2-ounceopen.com/:
* Tool - XRules - O2's eXtended rules environment which allows the execution and edition of complex security analysis workflows
* - Support for Spring's Framework MVC
* - Powerful viewer and editor for Ounce's Rules
* - Powerful Filter and Editor for Ozasmt files
* - View and create (for .NET) CIR (Common Intermediate Representation) Objects
* - RegEx text search based GUI
* - Edit and Debug c# Scripts
* O2_Tool_DotNetCallbacksMaker- Automatically create Ounce Rules for .NET Callbacks
* - Filter Ozasmt files using LAMDA like queries
* - Write O2 scripts in Java
* - Join traces (for example .NET and Web and Web Services layer)
* - Write O2 scripts in Python
* - O2 scripts editor (includes O2 Object Model)
* O2_WebInspect(PoC of Integrating Ounce's & WebInspect's assessment data)
For demos try these
* [http://www.o2-ounceopen.com/files-binaries-source-and-demo/files-for-o2-demostests/O2%20demo%20Pack%20-%2025%20Nov.zip O2 demo Pack 25_11_2008.zip]
* Updated version of HacmeBank
* Apps To Scan (directory)
* Demo files (directory)
* External tool (usually used when building Test environments or Student VMs)
 
< Prev   Next >