release candidate version 4.1.5-RC1

Author: jgadsden

.github/workflows/release.yaml

@@ -120,7 +120,7 @@ jobs:
     name: Create pull request
     runs-on: ubuntu-24.04
     needs: create_artifacts
-    if: contains( ${{ github.ref_name }}, 'RC' ) == 'false'
+    if: ${{ !contains( github.ref_name, 'RC' ) }}
 
     steps:
       - name: Checkout markdown
@@ -209,6 +209,11 @@ jobs:
           find release -name "*.md" -exec sed -i ':a; /^\n*$/{ s/\n//; N;  ba};' {} +
           find release -name "*.md" -exec sed -i '${/^$/d;}' {} +
 
+      - name: Fix up ToC sidebar
+        run: |
+          cp  _data/draft.yaml _data/release.yaml
+          sed -i "s/^docs_list_title.*/docs_list_title: Developer Guide/" _data/release.yaml
+
       - name: Retrieve pdfs and epubs
         uses: actions/[email protected]
         with:

assets/exports/OWASP_Developer_Guide.epub

@@ -5,8 +5,8 @@ layout: col-document
 tags: OWASP Developer Guide
 contributors: Johan Sydseter, Jon Gadsden
 document: OWASP Developer Guide
-order: 8210
-permalink: /release/verification/tools/dast/
+order: 821
+permalink: /draft/verification/tools/dast/
 
 ---
 

assets/exports/OWASP_Developer_Guide.pdf

@@ -18,4 +18,4 @@ permalink:
 
 #### A Guide to Building Secure Web Applications and Web Services
 
-### Release version 4.1.4
+### Release version 4.1.5-RC1

draft/08-verification/02-tools/01-dast.md

@@ -73,7 +73,7 @@ permalink:
 6.1.2 [MAS Testing Guide](#mas-testing-guide)  
 6.1.3 [Application Security Verification Standard](#application-security-verification-standard)  
 6.2 [Tools](#verification-tools)  
-6.2.1 [Zed Attack Proxy](#zed-attack-proxy)  
+6.2.1 [DAST tools](#dast-tools)  
 6.2.2 [Amass](#amass)  
 6.2.3 [Offensive Web Testing Framework](#offensive-web-testing-framework)  
 6.2.4 [Nettacker](#nettacker)  

release/01-front.md

@@ -165,7 +165,6 @@ There are many OWASP tools and resources to help build security into the SDLC.
 * [Nettacker][net]
 * [Offensive Web Testing Framework][owtf] (OWTF)
 * [Web Security Testing Guide][wstg] (WSTG)
-* [Zed Attack Proxy][zap] (ZAP)
 
 #### OWASP training projects
 
@@ -237,4 +236,3 @@ then [submit an issue][issue0402] or [edit on GitHub][edit0402].
 [intstand]: https://owasp.org/www-project-integration-standards/
 [webgoat]: https://owasp.org/www-project-webgoat/
 [wstg]: https://owasp.org/www-project-web-security-testing-guide/
-[zap]: https://www.zaproxy.org/

release/02-toc.md

@@ -48,7 +48,7 @@ This provides an overview of tools and techniques used for most SDLCs.
 * OWASP [Proactive Controls][proactiveocre]
 * OWASP [Cheat Sheets][csocre]
 * OWASP [WSTG][wstgocre]
-* [ZAP][zapocre] from [Crash Override][crash]
+* [ZAP][zapocre]
 
 The aim of this project is to 'Link all the things with OpenCRE' which will:
 
@@ -105,7 +105,6 @@ then [submit an issue][issue0503] or [edit on GitHub][edit0503].
 
 [asvs]: https://owasp.org/www-project-application-security-verification-standard/
 [capecocre]: https://opencre.org/search/CAPEC
-[crash]: https://crashoverride.com/
 [csocre]: https://opencre.org/search/OWASP%20Cheat%20Sheets
 [cweocre]: https://opencre.org/search/CWE
 [cwe]: https://cwe.mitre.org/

release/04-foundations/02-secure-development.md

@@ -44,7 +44,7 @@ Sections:
 6.1.2 [MAS Testing Guide](#mas-testing-guide)  
 6.1.3 [Application Security Verification Standard](#application-security-verification-standard)  
 6.2 [Tools](#verification-tools)  
-6.2.1 [Zed Attack Proxy](#zed-attack-proxy)  
+6.2.1 [DAST tools](#dast-tools)  
 6.2.2 [Amass](#amass)  
 6.2.3 [Offensive Web Testing Framework](#offensive-web-testing-framework)  
 6.2.4 [Nettacker](#nettacker)  

release/05-requirements/03-opencre.md

@@ -27,7 +27,7 @@ whereas manual security testing of high-risk components requires good knowledge
 
 Sections:
 
-6.2.1 [Zed Attack Proxy](#zed-attack-proxy)  
+6.2.1 [DAST tools](#dast-tools)  
 6.2.2 [Amass](#amass)  
 6.2.3 [Offensive Web Testing Framework](#offensive-web-testing-framework)  
 6.2.4 [Nettacker](#nettacker)  

release/08-verification/00-toc.md

@@ -5,8 +5,8 @@ layout: col-document
 tags: OWASP Developer Guide
 contributors: Johan Sydseter, Jon Gadsden
 document: OWASP Developer Guide
-order: 821
-permalink: /draft/verification/tools/dast/
+order: 8210
+permalink: /release/verification/tools/dast/
 
 ---
 
@@ -70,5 +70,3 @@ then [submit an issue][issue080201] or [edit on GitHub][edit080201].
 [edit080201]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/08-verification/02-tools/01-dast.md
 [issue080201]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2008-verification/02-tools/01-dast
 [wikipedia]: https://en.wikipedia.org/wiki/Dynamic_application_security_testing
-
-\newpage

release/08-verification/02-tools/00-toc.md

@@ -38,7 +38,7 @@ whereas manual security testing of high-risk components requires good knowledge
 
 Sections:
 
-6.2.1 [Zed Attack Proxy](01-zap.md)  
+6.2.1 [DAST tools](01-dast.md)  
 6.2.2 [Amass](02-amass.md)  
 6.2.3 [Offensive Web Testing Framework](03-owtf.md)  
 6.2.4 [Nettacker](04-nettacker.md)  

release/08-verification/02-tools/01-dast.md

@@ -62,7 +62,7 @@ OWASP secureCodeBox orchestrates a range of security-testing tools in various do
   * Nikto web server vulnerability scanner
   * Nuclei template based vulnerability scanner.
   * Screenshooter takes screenshots of websites
-  * ZAP and ZAP Advanced web application & OpenAPI vulnerability scanner extend with authentication features
+  * ZAP Advanced web application & OpenAPI vulnerability scanner
 
 Other tools may be added over time.
 

release/08-verification/02-tools/toc.md

@@ -12,7 +12,7 @@ permalink: /release/verification/vulnerability_management/defectdojo/
 
 {% include breadcrumb.html %}
 
-![DefectDojo logo](../../../../assets/images/logos/defectdojo.png "OWASP DefectDojo"){: height="180px" }
+![DefectDojo logo](../../../../assets/images/logos/defectdojo.png "OWASP DefectDojo"){: height="160px" }
 
 ### 6.4.1 DefectDojo
 

release/08-verification/03-frameworks/01-secure-codebox.md

@@ -55,7 +55,7 @@ Sections:
 6.1.2 [MAS Testing Guide](01-guides/02-mastg.md)  
 6.1.3 [Application Security Verification Standard](01-guides/03-asvs.md)  
 6.2 [Tools](02-tools/toc.md)  
-6.2.1 [Zed Attack Proxy](02-tools/01-zap.md)  
+6.2.1 [DAST tools](02-tools/01-dast.md)  
 6.2.2 [Amass](02-tools/02-amass.md)  
 6.2.3 [Offensive Web Testing Framework](02-tools/03-owtf.md)  
 6.2.4 [Nettacker](02-tools/04-nettacker.md)  

release/08-verification/04-vulnerability-management/01-defectdojo.md

@@ -28,7 +28,7 @@ permalink: /release/training_education/vulnerable_applications/webgoat/
 
 The OWASP [WebGoat][webgoat] project is a deliberately insecure web application that can be
 used to attack common application vulnerabilities in a safe environment.
-It can also be used to exercise application security tools, such as [ZAP][zap], to practice
+It can also be used to exercise application security tools to practice
 scanning and identifying the various vulnerabilities built into WebGoat.
 
 WebGoat is a well established OWASP project and achieved Lab Project status many years ago.
@@ -105,7 +105,7 @@ WebWolf provides:
 
 Try all the WebGoat lessons, they will certainly inform and educate.
 Use WebGoat in demonstrations of your favourite attack chains.
-Exercise Zap and Burp Suite against WebGoat, or other attack tools you have with you.
+Exercise available attack tools against WebGoat.
 
 Try out the WebGoat desktop environment by running `docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop`
 and navigating to `http://localhost:3000/`.
@@ -116,7 +116,6 @@ There are various ways of configuring WebGoat, see the [github repo][goatgithub]
 
 * OWASP [WebGoat][webgoat] and WebWolf
 * [Docker][dockerinstall]
-* [ZAP][zap]
 
 ----
 
@@ -130,4 +129,3 @@ then [submit an issue][issue090102] or [edit on GitHub][edit090102].
 [edit090102]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/09-training-education/01-vulnerable-apps/02-webgoat.md
 [issue090102]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2009-training-education/01-vulnerable-apps/02-webgoat
 [webgoat]: https://owasp.org/www-project-webgoat/
-[zap]: https://www.zaproxy.org/

release/08-verification/toc.md

@@ -12,7 +12,7 @@ permalink: /release/operations/coraza_waf/
 
 {% include breadcrumb.html %}
 
-![Coraza logo](../../../assets/images/logos/coraza.png "OWASP Coraza"){: height="180px" }
+![Coraza logo](../../../assets/images/logos/coraza.png "OWASP Coraza"){: height="160px" }
 
 ### 9.2 Coraza Web Application Firewall
 

release/09-training-education/01-vulnerable-apps/02-webgoat.md

@@ -18,7 +18,7 @@ permalink: /release/
 
 #### A Guide to Building Secure Web Applications and Web Services
 
-### Release version 4.1.4
+### Release version 4.1.5-RC1
 
 1 **[Introduction](03-introduction.md)**
 
@@ -79,7 +79,7 @@ permalink: /release/
 6.1.2 [MAS Testing Guide](08-verification/01-guides/02-mastg.md)  
 6.1.3 [Application Security Verification Standard](08-verification/01-guides/03-asvs.md)  
 6.2 [Tools](08-verification/02-tools/toc.md)  
-6.2.1 [Zed Attack Proxy](08-verification/02-tools/01-zap.md)  
+6.2.1 [DAST tools](08-verification/02-tools/01-dast.md)  
 6.2.2 [Amass](08-verification/02-tools/02-amass.md)  
 6.2.3 [Offensive Web Testing Framework](08-verification/02-tools/03-owtf.md)  
 6.2.4 [Nettacker](08-verification/02-tools/04-nettacker.md)