Thursday, June 16, 2011

OWASP iGoat 1.0

(From Ken van Wyk)
Greetings all.
Yesterday, we put out the first public release of the OWASP iGoat project. This message is a brief description and call for participants in the project.  
Background  
The iGoat tool is a learning tool, primarily meant for iOS developers (but also useful to IT security practitioners, security architects, and others who simply want to learn about iOS security). It takes its name and inspiration from the venerable OWASP WebGoat tool. Like WebGoat, iGoat users explore a number of security weaknesses in iOS by exploiting  them first. Then, once each weakness has been explored, the iGoat user must implement a remediation to protect against each weakness and validate that the remediation was successful--similar to the WebGoat Developer Edition.  Hints and other background information are provided, right down to commented solutions in the source code, so that developers can use iGoat as a self-study learning tool to explore and understand iOS weaknesses and how to avoid them.  Further, the iGoat platform was specifically designed and built to be as easily extensible as possible, so that new exercises can be easily built and integrated over time.  iGoat was sponsored and initially developed by KRvW Associates, LLC (www.krvw.com), and is being released under GPLv3 licensing to the community.  
Status  
With the first public release, we've included several initial exercises and exercise  categories. These include such well known topics as SQL Injection, secure communications, etc. We plan to further integrate another handful of exercises in the short term, as well as make several improvements to the user interface. In the short term, we'll also be adding more documentation in the form of HOWTO documents that will cover how to install and use iGoat, as well as how to add new exercises to it.  No doubt, further improvements will quickly surface as the community starts using the   tool...  
Project Site  
iGoat can be found at: https://www.owasp.org/index.php/OWASP_iGoat_Project
All releases and source code are on Google Code. See the project home page above for   further details.  Call for Participation  The iGoat team would like to invite anyone interested to participate and contribute to iGoat's further development. Please contact the project leader, Ken van Wyk (ken@krvw.com) if you wish to contribute to the project.
Mailing List  
An open, unmoderated forum has been set up for the iGoat project. To subscribe, see https://lists.owasp.org/mailman/listinfo/owasp-igoat-project 
Cheers, Ken  

2 comments:

Anil B Pai said...

Cool, I wanna be a part of iGoat Project... How Can I join ??

Jim Manico said...

Anil,

Everything you need is here:

https://www.owasp.org/index.php/OWASP_iGoat_Project#tab=Project_About

Aloha,
Jim Manico
jim@owasp.org