Secure Development Knowledgebase, "TeamMentor" Beta Program!

Posted by Dinis Cruz on November 3, 2011 at 10:00 AM

After months of re-architecting TeamMentor, Security Innovation’s secure guidance knowledge base repository product, TeamMentor has now officially entered beta.

I (Dinis Cruz) was part of the main development team of this version of TeamMentor, and we were able to add a number of dramatic enhancements, for example:

  • advanced customization capabilities of the content and the application itself
  • online editing functionality
  • lightning-fast navigation
  • easier implementation, distribution and consumption

So what is Team Mentor? Here is the official definition: TeamMentor empowers development teams with contextual knowledge assets that span development languages, technology categories and vulnerabilities. TeamMentor delivers essential intelligence at the time it’s needed to help development teams produce more secure applications, fix security vulnerabilities, and collaborate to create a customized best-practices approach.

For the next few weeks, we are making TeamMentor Beta available to evaluate, and here’s how you can check it out:

  • Try it online at http://50.19.221.68:90 - this is the version ot TeamMentor (TM) with the OWASP Top 10 Library (with 244 Guidance Items)
    • Here are the login details (note that the editor role change changes all content, so try to be gentle with the version online :) )
      • Reader - Reader/changeme
      • Editor - Editor/changeme
      • Administrator - admin/changeme
  • If you want to run TM locally you can download the latest binaries and source code from: OWASP Library - TeamMentor Beta (Tuesday, November 01, 2011).zip
  • Read the lastest news at the TeamMentor mailing list , which you can join to receive updates or to ask questions
  • If you download the TM code and want to run it locally, once you unzip it:
    • Launch the server but running either the "Start NET35.bat" file or the "Start NET4.bat" file (use the one that works for you).
      • Give it a couple of seconds to load. An icon in the system tray should appear, indicating that the "Cassandra" server is running.
      • Please, note tha the "Cassandra" server does not bind to external interfaces by default, so it will only be availableon the local machine when started from the bundled scripts.
    • A web browser should open automatically on the main page.
      • The page might have to be refreshed if the server does not load quickly enough
      • The home page will either http://localhost:12345 or http://localhost:12346
    • Login to the application with one of the pre-defined user accounts (listed above)

On the development side, in addition to jQuery and its multiple plug-ins, I also used the OWASP O2 platform, which for those who don’t know is an OWASP project that I have been leading for the last few years. O2 is focused on automating security knowledge and workflows, and it was used on TeamMentor project due to its powerful C# API’s that allow for quick prototyping and unit test development. If you want to read more about what is happening behind the scenes, take a look at the the TeamMentor development blog or the O2 Platform blog.

Enjoy TeamMentor, and let us know what you think of it :)

Topics: application security

Dinis Cruz

Written by Dinis Cruz