Friday 30 July 2010

O2 Platform, ideas on where to start


If you want to delve deeper into O2's world, I would say that your first step is to replicate the BlackBox and WhiteBox examples that I have already created and published with O2 (check out the Demo's Tab in the main GUI).

Some pointers:
  • If you are on a 32-bit box, I would recommend that you use the latest version of O2 (which is only available via the ClickOnce install), since it has a ton of new features
  • Install HacmeBank and WebGoat locally
  • Write a BlackBox script to exploit an SQL Injection in HacmeBank and an XSS in WebGoat
  • From HacmeBank's Source Code, build its MethodStreams and find the SQL Injections on the WebServices, and connect the WebLayer with the WebServices Layer
  • Transform the above scripts into unit tests
  • Create a document with your experiments containing tons of screenshots about it
  • Create a video with your experiments (and publish it, or send it to me)
If you have any issues, join the O2 Platform mailing list and ask a question.

There is also an Amazon EC2 image that I have with O2 fully configured, which I can give you access to if you ping me directly