Secure Coding mailing list archives

ANNOUNCING: OWASP iGoat initial public release, version 1.0


From: Kenneth Van Wyk <ken () krvw com>
Date: Thu, 16 Jun 2011 09:41:22 +0200

Greetings all.

Yesterday, we put out the first public release of the OWASP iGoat project. This message is a brief description and call 
for participants in the project.


Background

The iGoat tool is a learning tool, primarily meant for iOS developers (but also useful to IT security practitioners, 
security architects, and others who simply want to learn about iOS security). It takes its name and inspiration from 
the venerable OWASP WebGoat tool. 

Like WebGoat, iGoat users explore a number of security weaknesses in iOS by exploiting them first. Then, once each 
weakness has been explored, the iGoat user must implement a remediation to protect against each weakness and validate 
that the remediation was successful--similar to the WebGoat Developer Edition.

Hints and other background information are provided, right down to commented solutions in the source code, so that 
developers can use iGoat as a self-study learning tool to explore and understand iOS weaknesses and how to avoid them.

Further, the iGoat platform was specifically designed and built to be as easily extensible as possible, so that new 
exercises can be easily built and integrated over time.

iGoat was sponsored and initially developed by KRvW Associates, LLC (www.krvw.com), and is being released under GPLv3 
licensing to the community.



Status

With the first public release, we've included several initial exercises and exercise categories. These include such 
well-known topics as SQL Injection, secure communications, etc. We plan to further integrate another handful of 
exercises in the short term, as well as make several improvements to the user interface.

In the short term, we'll also be adding more documentation in the form of HOWTO documents that will cover how to 
install and use iGoat, as well as how to add new exercises to it.

No doubt, further improvements will quickly surface as the community starts using the tool...


Project Site

iGoat can be found at: https://www.owasp.org/index.php/OWASP_iGoat_Project

All releases and source code are on Google Code. See the project home page above for further details.



Call for Participation

The iGoat team would like to invite anyone interested to participate and contribute to iGoat's further development. 
Please contact the project leader, Ken van Wyk (ken () krvw com) if you wish to contribute to the project.



Mailing List

An open, unmoderated forum has been set up for the iGoat project. To subscribe, see 
https://lists.owasp.org/mailman/listinfo/owasp-igoat-project



Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

Follow us on Twitter at: http://twitter.com/KRvW_Associates






_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
