BREAKING NEWS: O2 will also become an OWASP project and will be called the OWASP O2 Platform (the OWASP pages are still just place-holders and the relationship between this O2 Website and the OWASP.org website is still yet to be defined)
------------------------------------------------------------------------------------------------------
Welcome to the O2 website. O2 is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.
O2 (OunceOpen) originates from OunceLabs Advanced Research Team (ART) work, where it aims to push to the limit the power of Ounce's Source Code scanning engine (Ounce 6.x).
These tools have been developed by Security Professionals FOR security professionals, and are designed to automate the security consultant's brain.
What is O2
To gain a better understanding of "what is O2?" start with this presentation:
Try O2!
Download the latest version of the Binaries, Installers or Source Code (from Files (Binaries, Source and Demos))
Or you can install the most commonly used O2 Modules directly from the web (using ClickOnce):
- O2_Tool_RulesManager - Powerful viewer and editor for Ounce's Rules
- O2_Tool_FindingsViewer - Powerful Filter and Editor for Ozasmt files
- O2_Tool_CirViewer - View and create (for .NET) CIR (Common Intermediate Representation) Objects
- O2_Tool_SearchEngine - RegEx text search based GUI
- O2_Tool_CSharpScripts - Edit and Debug C# Scripts
- O2_Tool_DotNetCallbacksMaker - Automatically create Ounce Rules for .NET Callbacks
- O2_Tool_FindingsQuery - Filter Ozasmt files using lambda-like queries
- O2_Tool_JavaExecution - Write O2 scripts in Java
- O2_Tool_JoinTraces - Join traces (for example .NET and Web and Web Services layer)
- O2_Tool_Python - Write O2 scripts in Python
- O2_Tool_O2Scripts - O2 scripts editor (includes O2 Object Model)
- O2_WebInspect - PoC of integrating Ounce's and WebInspect's assessment data
For demo files try these
O2 Presentation & Blogs
To see what O2 can do for you, see this presentation
Currently there are 3 blogs hosted on this website:
Here are the links to the RSS feeds:
History
To understand the history of O2, how it came about and how it fits with OunceLabs main product, read these blog entries by Dinis Cruz (main O2 developer):
- OunceLabs releases my research tools under an Open Source license (it’s called O2 and is hosted at CodePlex)
- So what can I do with O2?
Ounce 6.x (the non Open Source bit)
If you need an evaluation version of Ounce, you will need to create an account and contact us with the name of your account. After that you will be given access to this page, which will allow you to request it.
Questions/Tasks and Discussions
Working on being able to do the following tasks.
- figure out a way to read .NET *.pdb files in order to extract source code references (needed for CirViewer)
- convert to IKVM the current Jython script to create XML files with *.class files metadata (needed for CirViewer)



