OWASP LiveCD switching to Ubuntu
The OWASP LiveCD is a collection of open-source security software for web developers as well as external and internal testers/auditors, that does very much the same job as the BackTrack LiveCD does for network and system penetration tests. Matt Tesauro is the project's new maintainer and new versions have appeared since its redesign in the autumn of 2008.
"AustinTerrier", the current version, contains a number of freely available tools for fingerprinting web servers (Httprint), web-application scanners such as Grendel Scan and w3af, special tools to test for SQL injections (SQLiX, sqlmap), as well as miscellaneous security fuzzers and brute-force tools. Local proxies such as WebScarab, Paros Proxy, Rat Proxy or Burp Suite, and a preconfigured Firefox with 25 plug-ins, are required here.
The one fly in the ointment is that some of the included programs are not the most recent releases. Firefox is at version 3.0.6 and some infrastructure tools, such as Wireshark and Nmap/Zenmap, could also be newer. Metasploit, however, comes from the SVN repository. The AustinTerrier version is to be renewed following the "OWASP AppSec Europe 2009 - Poland" conference, held from the 11th to the 14th of May in Krakow.
As with BackTrack, the CD and the VMware and VirtualBox images are based on the Linux LiveCD SLAX framework, a modified Slackware distribution. In the long run, however, Tesauro sees this as a dead end. The next version is to be based on Ubuntu, which will help improve package management and therefore simplify updates and the resolution of dependencies, aside from permitting package signing. Switching to Ubuntu also means that Windows users can use Wubi. Wubi, an Ubuntu installer for Windows users, makes it relatively easy to place a large file on the Windows file system that can be booted into without changing the partition table.
(Dr Dirk Wetter)