OWASP Live CD in VirtualBox on a Mac

There's a whole world of (application) security tools out there. Many of them are even available as open source and free for you to use in checking your network, your machine, and your applications. The problem I found with these tools is the difficulty of installing them all on my Mac. They are written in different languages (Java, Python, Ruby, ...) and therefore require specific environments that need to be installed. Some handy tools are available as add-ons for Firefox. But I don't tend to use them all the time. I just need them for security analyses.

The answer to all this is to make use of the OWASP Live CD. OWASP is the Open Web Application Security Project, a non-profit organisation for improving the security of application software. Among many interesting sub-projects, there is the Live CD. The most recent release from May 2009 is called AppSecEU. It still seems like an active project. It gives you a complete Linux system which can be booted from the CD. The system has a KDE desktop environment with the most important open source security tools installed and callable from the GUI. That saves a lot of installation hassle and keeps all these tools out of your normal working environment. However, I don't like to reboot for assessing application security.

For this, the maintainers of the Live CD project provide VMware and VirtualBox images that you can run on top of your normal Mac environment. You find the most recent images here. There is even a tutorial that shows the setup of the Live CD in VirtualBox. But all you need to do is download the image and create a new virtual machine in VirtualBox with "Operating System: Linux" and "Version: Other Linux". Then, as the virtual hard drive, select the unpacked image that you downloaded before. Now you can already boot the system and start analysing.
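The same steps can be scripted with VirtualBox's `VBoxManage` command line tool. This is an added example, not part of the original post or the OWASP project; the VM name, the controller name `IDE` and the disk path are placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: CLI equivalent of the GUI steps described above.
# Assumptions: VBoxManage is on PATH; the VM name, the controller name "IDE"
# and the disk path are placeholders chosen for this example.
# DRY_RUN=1 (the default) prints the commands instead of running them.
DRY_RUN=${DRY_RUN:-1}

vbox() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "VBoxManage $*"
    else
        VBoxManage "$@"
    fi
}

# create_owasp_vm NAME DISK_IMAGE
create_owasp_vm() {
    vm=$1
    disk=$2
    # Refuse to register a VM without a name or with an unreadable image.
    if [ -z "$vm" ] || [ ! -r "$disk" ]; then
        echo "usage: create_owasp_vm NAME DISK_IMAGE (image must be readable)" >&2
        return 2
    fi
    # "Operating System: Linux" / "Version: Other Linux" is ostype ID "Linux".
    vbox createvm --name "$vm" --ostype Linux --register &&
    # Add a disk controller and attach the unpacked image as an existing disk.
    vbox storagectl "$vm" --name IDE --add ide &&
    vbox storageattach "$vm" --storagectl IDE --port 0 --device 0 \
        --type hdd --medium "$disk" &&
    # Make the default NAT adapter explicit: the guest is not exposed on the
    # LAN, and the host is reachable from the guest at 10.0.2.2 by default.
    vbox modifyvm "$vm" --nic1 nat
}

# Run only when called with both arguments, e.g.:
#   DRY_RUN=0 sh create-owasp-vm.sh owasp-livecd /path/to/unpacked-image
if [ "$#" -eq 2 ]; then
    create_owasp_vm "$1" "$2"
fi
```

Run `VBoxManage list ostypes` to confirm the OS type ID on your VirtualBox version before switching off the dry run.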




Everything I tried on the Live CD worked right out of the box without any additional changes. You only need to configure the tools to find your application, which can run on your Mac, for example. The only problem is that the virtual machine slows Linux down compared to running it directly on the hardware. As application scans tend to be long, this might be a reason to boot the Live CD directly. For me, the comfort of having my normal Mac environment in parallel is more important.