Abstract
In this talk Dinis Cruz will show the OWASP O2 Platform, which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism about the usability of source code analysis engines for finding the vulnerabilities commonly found in real-world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cruz, D. (2010). OWASP O2 Platform - Open Platform for Automating Application Security Knowledge and Workflows. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16120-9_3
DOI: https://doi.org/10.1007/978-3-642-16120-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16119-3
Online ISBN: 978-3-642-16120-9
eBook Packages: Computer Science, Computer Science (R0)