From: Mark Curphey (markcurphey.com)
Date: Wed May 01 2002 - 20:47:56 CDT

    When we started OWASP 9 months ago the requirements for the site were
    pretty simple. It just needed to display static content. With the nature
    of the project it was an obvious choice not to tempt fate and use static
    HTML wherever possible.

    As the project has progressed and continues to get more and more attention
    the needs have grown and we are now at a stage where things are being
    seriously hindered by not having a scalable and secure application
    platform from which to do interesting things with and add new content
    quickly. Added to that it seems a cop out to be a project about building
    and testing secure web applications without having one on display!
    That's something a few of us have been troubled with for a while. Talk
    the talk, walk the walk and all that. We know we are a trophy defacement
    and the logs prove it!

    However with the lack of time, volunteers only, no funding and most
    developers focused on trying to get WebScarab (the flagship project)
    developed and released within the next 6 months, and with other projects
    like the filters and requirements project taking up volunteers' time,
    it is not looking like anyone can commit to building a platform that
    will work in the near future. (We don't want to use Slash!)

    OWASP will definitely remain totally independent whatever happens but
    as a "thought" we have been toying with the idea of asking for a sponsor
    to develop a portal application in return for basic sponsorship.
    Essentially it's the right to say "we developed the web application for
    OWASP". No glaring banners, no branding, just a discreet footer in
    acknowledgment of support and efforts and the right to use it in
    advertising or marketing. With the attention the project is getting and
    the daily hits we think it's a good deal for anyone. We would I guess.

    What we are looking for is for a company to build out a portal using
    Jakarta Struts or Jetspeed with some changes to some security related
    components. We can support it.

    The portal would allow user registration, page customization including
    aggregated news feeds on the frontpage via RDF from popular security
    sites.
    - Aggregated vulnerability / patching alerts by allowing a user to
      select platforms he is interested in like BEA, IIS and PHP
    - Customizable presentation of lists like white papers and tools
      (sorting etc)
    - Search
    - Mailing list archives
    - User reviews, comments, feedback etc (maybe a BBS)
    - Wizard driven vuln XML descriptions (eventually served as a SOAP
      service)
    - Various presentation of things like WebScarab documentation and
      Designs, FAQs, code, patches etc

    An example of the kind of site we're talking about is
    http://qld.ieaust.org.au/jetspeed/ (built in JetSpeed).

    If this is of interest (you will need to be able to develop within next
    two / three months) please contact me offline to discuss details.

    Thanks

    PS Please don't mail saying you would do it if you get a big banner on
    every page! No offense but ..............