This document summarizes OWASP tools that can be used for testing web applications. It discusses the OWASP Live CD, which contains various tools such as WebScarab, WebGoat, CAL9000 and others. It also mentions OWASP proxies, recon tools, scanners and utilities. The document encourages participation in the Google Summer of Code by proposing ideas and developing student projects to be mentored by OWASP.

1. OWASP alati, korišćenje alata
tokom testiranja web
aplikacija, razvoj alata
Ivan Marković
Security Consultant
OWASP
11.05.2012
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org

2. OWASP alati
OWASP LIVE CD / OWASP Web Testing Environment
Ubuntu Linux
http://appseclive.org/
OWASP 2

3. OWASP Live CD
OWASP 3

4. OWASP Live CD spisak alata
http://appseclive.org/content/current-tool-list
WebScarab, WebGoat, CAL9000, JBroFuzz, Paros Proxy, nmap &
Zenmap, Wireshark, tcpdump, Firefox 3, Burp Suite, Grenedel-Scan,
DirBuster, SQLiX, WSFuzzer, Metasploit 3, w3af & GTK GUI for
w3af, Netcats collection, Wapiti, Nikto, Fierce Domain Scaner,
Maltego CE, Httprint, SQLBrute, Spike Proxy, Rat Proxy
OWASP 4

5. OWASP Fuzzers
OWASP 5

6. OWASP Proxies
OWASP 6

7. OWASP Recon tools
OWASP 7

8. OWASP Scanners
OWASP 8

9. OWASP Utilities
OWASP 9

10. Google Summer of Code 2012
OWASP is officialy selected as GSoC mentoring
organization
 1) Think of a good idea – For reference see GSoC 2012 Ideas
 2) Do some research yourself based on the idea, write up a
proposal draft
 3) Post it to the mailing list at gsoc@lists.owasp.org for initial
discussions with OWASP mentors.
 4) Based on feedback, write a full proposal – See template
below:https://www.owasp.org/index.php/GSoC_SAT
 5) Submit your proposal to Google from March 26–April 6, 2012.
April – August coding
OWASP 10

11. Diskusija
OWASP 11

12. Hvala
Kontakt: ivan.markovic@netsec.rs
OWASP 12