SecureProgramming.com

OWASP Development Projects

Category: General / Miscellaneous
Language: Not Language Specific
Posted by John Viega on Sun, Aug 31, 2003 (03:56 PM) GMT

External URL: http://www.owasp.org/development

The OWASP (Open Web Application Security Project) works on a number of tools in the domain of web application security. Among them:

  • Commons Library - is a growing set of reusable Java code that can be baked into your own secure applications. Dealing with issues like session and transaction management, input filtering, user account maintenance and form generation, the OCL is used extensively in oPortal. Filters is now included in the OCL.

  • CodeSeeker - is an application level firewall that runs on Win32 (IIS), Solaris and Linux. It features connectors that install on the webservers, and filters and blocks traffic with malicious content. As it sits on the TCP stack, it can deal with high-speed traffic, which it inspects just after SSL decryption takes place. The centralized management console, written in Java, can control many agents.

  • WebGoat - is an interactive teaching tool. Essentially a broken web application, WebGoat takes you through various key lessons, with each section culminating in a challenge to exploit the issue you just learnt about for yourself.

  • WebScarab - is a set of various Java tools and code snippets that one day will evolve into a testing tool. Included under the WebScarab stable are Pen Proxy (originally authored by Sverre Huseby), Exodus (originally authored by Rogan Dawes) and Open Proxy (by Steve Taylor).
