OWASP AppSec Research 2013

Background: The Offensive (Web) Testing Framework (aka OWTF) is a free and opensource OWASP+PTES-focused tool. Its objective is to unite great tools and make pen testing more efficient. Full details available at http://owtf.org.

In this talk there will be a brief introduction to OWASP OWTF. This will be followed up with demos of the latest features up until the time of the conference (with special focus on the Brucon sponsored 5x5 development features before the conference) to help pen testers get the most out of this tool and/or provide them with new ideas to improve their pen testing process.

OWASP OWTF is a tool that tries to achieve a new level of efficiency and comprehensiveness by combining great standards (OWASP aligned, PTES in the to-do list), great tools, websites and knowledge in the public domain together with continuous reporting using an interactive report that allows the pen tester to analyse the information in a similar fashion to the thought process of a chess player.

OWASP OWTF intends to find an optimal balance between automation and human analysis so that the best of both worlds can be attained.