WebApp Sec mailing list archives
OWASP Portal Beta Site and OWASP Update
From: Mark Curphey <mark () curphey com>
Date: Tue, 24 Jun 2003 12:36:01 -0400 (EST)
As David mentioned and I am sure you can now see there has been a huge amount of work going on behind the scenes at OWASP. It explains why the old tired static site wasnt being updated in a while and why things have been quieter than normal! David, Ben and Ingo (and Jeff Williams crew) have done a great job on the portal and we think it will provide the platform from which we can build OWASP in the future. We intentionally needed to step back from a few projects and get this done before we simply crashed with an un-maintainable site that couldnt do what we wanted to do. The news, the forums and other stuff really will make for a great web app sec site and when its ready to serve as a reference secure portal with code available to download, we think the effort will have been truly worthwhile. We are still a way from it being in a state where we want it to be www.owasp.org but with contributions and feedback from everyone it can grow into a fully functioning and secure portal for all things web app sec. To be clear we are not claiming its secure yet, but it will be! It needs testing. If you find an issue pump it back to the developers and they will take care of it in the code base. David and Ben are providing commercial services to deploy code using the oPortal framework and as they find issues they will all get pumped back in and everyone will gain. Please dont go reporting the latest issue to bugtraq and claiming your 15 mins of fame. It is genuinely a beta site. Not a honeypot for students but its is a beta site! Its being put out there to iron out the wrinkles. If you find an issue you will of course be credited in the issues log. Also to follow on from Davids mail, we are actively looking for an additional sponsor to pay or provide hosting and two additional servers to move this into an HA environment when it comes out of beta. If you are interested then please contact me via email. Other OWASP News You can now read the working version of the Guide Version 2 on the beta site. Its all rendered from XML DocBook using XSLT in real time so will change when the code is synced. Feel free to browse but please bear in mind this is a working doc. It is a significant re-write from Version 1.1.1 with much more content and many chapters either already or being re-written totally. Special thanks to Jeremy Poteet, Adrian Wiesmann (spelt correct) and Ray Stirbei for sterling efforts. The Guide Version 2.0 will be published by No Starch Press and continue to be fully free under the GPL and FSF copyright. We expect September. Again, a big thank you to all who are involved at OWASP. We have lots of good things planned in the coming year! ---- David Raphael <david.raphael () ceterum net> wrote:
Hello Everyone! As mentioned previously by Mark Curphey (this list's moderator, OWASP Founder), myself, Ben Poweski, and Ingo Struck have been developing a Portal Framework with security as a theme. We have been working since Q4 of last year to present. And I want everybody to understand that this is a best-effort from mere mortals ;) Here is the URL: http://beta.owasp.org Please understand that there *are* bugs and most likely a bunch of things that we have missed, or have not gotten to work on as of yet. Here is what is currently working: Caching Framework XSL Document Transformation Framework Docbook Presentation Framework (Currently supports PDF and HTML) RDF/RSS News Feeds (incoming and outgoing) Full Text Searching Content Management Here is what will be ready in the full release (And current Status): Forums (50% complete) Document Workflow Management (50% Complete) User Management (50% Complete) Session Management with Proper Preventative Measures (20% Complete) Complete Filtering Toolkit (20% Complete) Day by day we are completing the above features. However they are extremely complex to implement correctly. I am extremely proud of our effort and I look forward to improving the maturity of oPortal everyday. Keeping in mind that we will have a full release within 12 months of inception, I feel that we have accomplished an daunting task! We hope to grow oPortal into the #1 Open Source standards based Portal Framework. Regards, David Raphael oPortal Architect / Designer / Evangelist and Ben Poweski oPortal Developer / Infrastructure Specialist / Design Guru
Current thread:
- OWASP Portal Beta Site and OWASP Update Mark Curphey (Jun 24)