Welcome to the newly updated AppSecLive site for OWASP Web Testing Environment (WTE) and other random stuff from Matt Tesauro.


OWASP WTE started back in 2008 as part of the OWASP Summer of Code and was initially just a bootable ISO image. After several releases of a Live CD based on Slax Linux. Slax is great but having to regenerate an entire ISO image for one new package isn’t very cool. Starting with the beta release of WTE in January of 2010, WTE has been built using Debian (.deb) packages. For that time, the goal of the project hasn’t changed:

Make application security tools and documentation
easily available and easy to use

If you’re curious about application testing (web and API), then WTE offers you a complete, ready-to-use environment to start learning and start breaking. From the start, there have been a few design goals:

  • Easy for users to keep updated

  • Easy for project lead to keep updated

  • Easy to produce releases (more on this later)

  • Focused on just application security – not general pen testing

Flavors of OWASP WTE

Since OWASP WTE is made from individual Debian packages, there’s a number of ways to get your WTE on:

  1. Download a Virtual Machine built on Xubuntu 12.04 LTS

    1. VirtualBox format

    2. VMware format

  2. Install one or more packages into your current Linux

    1. Ubuntu, Xubuntu, Kubuntu and other *buntu’s

    2. Debian

    3. Linux Mint

  3. Download a boot-able ISO image

  4. Install OWASP WTE in the cloud (more info coming soon)

  5. Roll your own meta-package (more info coming soon)

More info

You can also find more information on OWASP WTE at: