WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

OWASP Portal Beta Site and OWASP Update

From: Mark Curphey <mark () curphey com>
Date: Tue, 24 Jun 2003 12:36:01 -0400 (EST)
As David mentioned and I am sure you can now see there has been a huge amount of work going on behind the scenes at 
OWASP. It explains why the old tired static site wasn’t being updated in a while and why things have been quieter than 
normal! 

David, Ben and Ingo (and Jeff Williams crew) have done a great job on the portal and we think it will provide the 
platform from which we can build OWASP in the future.  We intentionally needed to step back from a few projects and get 
this done before we simply crashed with an un-maintainable site that couldn’t do what we wanted to do. The news, the 
forums and other stuff really will make for a great web app sec site and when its ready to serve as a reference secure 
portal with code available to download, we think the effort will have been truly worthwhile. 

We are still a way from it being in a state where we want it to be www.owasp.org but with contributions and feedback 
from everyone it can grow into a fully functioning and secure portal for all things web app sec. To be clear we are not 
claiming its secure yet, but it will be! It needs testing. If you find an issue pump it back to the developers and they 
will take care of it in the code base. David and Ben are providing commercial services to deploy code using the oPortal 
framework and as they find issues they will all get pumped back in and everyone will gain. Please don’t go reporting 
the latest issue to bugtraq and claiming your 15 mins of fame. It is genuinely a beta site. Not a honeypot for students 
but its is a beta site! Its being put out there to iron out the wrinkles. If you find an issue you will of course be 
credited in the issues log.

Also to follow on from David’s mail, we are actively looking for an additional sponsor to pay or provide hosting and 
two additional servers to move this into an HA environment when it comes out of beta. If you are interested then please 
contact me via email.

Other OWASP News
You can now read the working version of the Guide Version 2 on the beta site. It’s all rendered from XML DocBook using 
XSLT in real time so will change when the code is synced. Feel free to browse but please bear in mind this is a working 
doc. It is a significant re-write from Version 1.1.1 with much more content and many chapters either already or being 
re-written totally. Special thanks to Jeremy Poteet, Adrian Wiesmann (spelt correct) and Ray Stirbei for sterling 
efforts. The Guide Version 2.0 will be published by No Starch Press and continue to be fully free under the GPL and FSF 
copyright. We expect September.

Again, a big thank you to all who are involved at OWASP. We have lots of good things planned in the coming year!


---- David Raphael <david.raphael () ceterum net> wrote:

Hello Everyone!

As mentioned previously by Mark Curphey (this list's moderator, OWASP 
Founder), myself, Ben Poweski, and Ingo Struck have been developing a 
Portal Framework with security as a theme.  We have been working since 
Q4 of last year to present.  And I want everybody to understand that 
this is a best-effort from mere mortals ;)

Here is the URL:

http://beta.owasp.org


Please understand that there *are* bugs and most likely a bunch of 
things that we have missed, or have not gotten to work on as of yet.

Here is what is currently working:

Caching Framework
XSL Document Transformation Framework
Docbook Presentation Framework (Currently supports PDF and HTML)
RDF/RSS News Feeds  (incoming and outgoing)
Full Text Searching
Content Management

Here is what will be ready in the full release (And current Status):

Forums (50% complete)
Document Workflow Management (50% Complete)
User Management (50% Complete)
Session Management with Proper Preventative Measures (20% Complete)
Complete Filtering Toolkit (20% Complete)


Day by day we are completing the above features.  However they are 
extremely complex to implement correctly.


I am extremely proud of our effort and I look forward to improving the 
maturity of oPortal everyday.  Keeping in mind that we will have a full 
release within 12 months of inception, I feel that we have accomplished 
an daunting task!

We hope to grow oPortal into the #1 Open Source standards based Portal 
Framework.

Regards,

David Raphael
oPortal Architect / Designer / Evangelist

and

Ben Poweski
oPortal Developer / Infrastructure Specialist / Design Guru
Previous By Date Next
Previous By Thread Next

Current thread: