AppSec EU 2015 Lightning Talk

Published on Saturday, 23 May 2015 in Blog; tagged with blog, security, owtf, development, python, architecture, lightning, talk, appsec, project, summit

AppSec EU 2015

I just came back from my trip to Amsterdam, where I gave a lightning talk about OWTF at AppSec EU 2015 :)
I also went there for the OWASP Project Summit where I met some of the other OWTF developers and my dear friend Abe, finally!

OWASP Project Summit

OWASP Project Summit 2015

The first two days were dedicated to the Project Summit. Marios and I had prepared a couple of sessions in order to discuss the future of OWTF. We spoke about many things, from the new architecture to the new technology stack we would like to use, an admin/user authentication scheme, an alternative to Kali, Python 2.X/3.X inter-compatibility and many more.

One thing is for sure: OWTF is going to be rebooted. Due to numerous GSoC projects being merged (too?) quickly, extra layers being added, missing tests and a not-so-scalable architecture, we have all agreed (our two awesome Leaders as well, but we already knew that) to go for a reboot.

This kind of decision does not happen very often because it implies a lot of work and many upcoming problems, but I am deeply convinced that the current codebase has become too complicated to be maintained.

In short, we are going to reboot OWTF in order to have a much more scalable architecture, a nicer and stronger codebase, unit tests, etc. It will take us weeks, even months, just to write down everything before starting, but I am looking forward to seeing what we can achieve with our new ideas :)


The AppSec EU was really interesting. I met many interesting people like the Google security team, main actors of OWASP, some French guys (we are everywhere, unbelievable!) and many more! We had nice chats and it is always awesome to speak about technical topics with skilled people.

I also attended talks that kind of blew my mind: Copy and Pest, The Node.js Highway, PDF - Mess With The Web and others :)


I was also invited to give a lightning talk about OWTF and I was really excited about that. I know, it is only 10 minutes, but it was a nice opportunity to present our tool to other people. From the feedback I had, the talk went really well! It has also been recorded, but the video is still being worked on as far as I can tell. I will update the post with its link as soon as I have it.

I look forward to next year's AppSec EU, in Rome this time :)

License WTFPL2