OWASP OWTF
OWTF is taking part in the Google Summer of Code 2021! If you’d like to participate, see the OWASP Google Summer of Code 2021 Ideas page!
OWTF aims to make pen testing:
- Aligned with OWASP Testing Guide + PTES + NIST
- More efficient
- More comprehensive
- More creative and fun (minimise un-creative work)
so that pentesters will have more time to
- See the big picture and think out of the box
- More efficiently find, verify and combine vulnerabilities
- Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short timeframes we are typically given to test.
The latest version of OWASP OWTF is OWTF v2.5.0.
OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem; in other words, OWTF = Test/Exploit ASAP. With this in mind, the current priorities are:
- To improve security testing efficiency (i.e. test more in less time)
- To improve security testing coverage (i.e. test more)
- Gradually integrate the best tools
- Unite the best tools and make them work together with the security tester
- Remove or reduce the need to babysit security tools during security assessments
- Be a repository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses
- Help penetration testers save time on report writing
Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Send us a pull request
- Give us feedback / suggestions / report bugs
- Talk to us on Slack (#owtf or #project-owtf)
- Join our OWTF developers mailing list
- Join the general OWTF mailing list
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
- April 6th, 2017 - OWTF 2.1a “Chicken Korma” is here!
- May 7th, 2016 - OWTF 2.0a “Tikka Masala” is here!
- February 29th, 2016 - OWASP is selected for GSoC 2016 - OWTF is participating!
- July 10th, 2015 - OWTF got 3 slots in the OWASP Summer Code Sprint 2015!
- June 19th, 2015 - OWTF is taking part in the OWASP Summer Code Sprint 2015
- October 15, 2014 - OWTF is taking part in the OWASP Winter Code Sprint!
- October 15, 2014 - OWTF 1.0.1 “Lionheart” released! - Fixed a major installation bug caused by wrong handling of requirements by pip
- October 5th 2014 - OWTF 1.0 “Lionheart” released!
- September 26th 2014 - OWTF 1.0 “Lionheart” presented at Brucon!
- September 4th 2014 - OWTF participating in OWASP Winter Code Sprint
- January 13th 2014 - OWTF 0.45.0 “Winter Blizzard” released!
- December 11th 2013 - OWASP OWTF CFP funds contest WINNERS announced
- September 8th 2013 - OWASP OWTF CFP funds contest open!
- August 22nd-23rd 2013 - Introducing OWASP OWTF 5x5 @ OWASP AppSec EU
- August 9th 2013 - OWTF 0.30 “Summer Storm II” released!
- July 1st 2013 - OWTF 0.20 “Summer Storm I” released!
- June 12th 2013 - OWASP OWTF GSoC Selection, Stats and Poll
- May 24th 2013 - OWASP OWTF 0.16 “shady citizen” released, now working smoothly in Kali!
- April 22nd - May 3rd 2013 - Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013
- April 24th 2013 - Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013
- February 26th 2013 - OWASP OWTF selected to be supported by Brucon 5x5
- September 26th 2012 - OWASP OWTF Workshop at Brucon
- September 24th 2012 - OWASP OWTF 0.15 BruCon released!
We have been helped by many organizations, either financially or through other means:
- OWASP
- eLearnSecurity
- BruCon
- BrowserStack for providing a platform to test OWTF on multiple devices!
The following links provide access to materials for OWTF talks (video, slides, etc.):
- OWTF Talks at 7-a.org
- You can see what OWASP OWTF is here - http://www.youtube.com/embed/H6Ut8U9a5KE
- OWASP OWTF 1.0 “Lionheart” - Brucon 2014 5x5 - https://www.youtube.com/embed/j2UoAsOLMB4
- OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5 - http://www.youtube.com/embed/Vpca4-OlZqs
- OWTF Playlists with Demos/Talks on YouTube
- Some OWTF presentation slides
- More OWTF Talk links
For more videos please see the YouTube channel