OWASP Bug Logging Tool
Introduction
OWASP BLT (Bug Logging Tool) is a powerful tool designed to allow everyone who uses the internet to help improve it. With BLT, users can submit any type of issue they encounter, whether it’s a simple design flaw like a button being the wrong color, or a serious security vulnerability. By following responsible disclosure ethics, BLT helps to ensure that reported issues are addressed in a timely and appropriate manner.
One unique feature of BLT is that it rewards users for reporting bugs. Users earn points for each issue they report, and reports that are verified earn extra points. Additionally, companies and organizations can get involved with BLT and launch their own bughunt programs with prize pools. This not only incentivizes users to report bugs but also encourages companies to actively seek out and address vulnerabilities before they can be exploited.
Overall, OWASP BLT is an important tool for improving internet security and promoting responsible disclosure practices. By allowing anyone to report issues, rewarding users for their contributions, and providing a platform for companies to launch bughunt programs, BLT empowers individuals and organizations to work together towards a safer and more secure online environment.
Contributors
The OWASP Bug Logging Tool Project is a community-driven initiative that relies on the contributions of volunteers from all over the world. These dedicated individuals generously donate their time and expertise to help improve the security of the internet for everyone.
We understand that without the invaluable contributions of our volunteers, the OWASP BLT Project would not be possible. Therefore, we would like to express our sincere gratitude to all the contributors and supporters who have helped make this project a success.
We are proud of the diverse and dedicated community that has grown around this project. We recognize that each contributor brings their unique perspective, skills, and experiences to the table, and we value each and every one of them.
At OWASP, we strive to foster a welcoming and inclusive environment where everyone can contribute and thrive. We believe that diversity is essential to the success of the OWASP BLT Project, and we are committed to providing a safe and supportive space for all our volunteers.
Once again, we would like to extend our heartfelt thanks to all the contributors and supporters of the OWASP Bug Logging Tool Project. Your efforts are truly appreciated, and we look forward to continuing our work together to make the internet a safer place for everyone.
https://github.com/OWASP/BLT/graphs/contributors
How it Works
OWASP BLT is a bug logging tool that lets users report issues and earn points, while holding companies accountable for the issues reported against them. Testers can win money through company-sponsored Bug Hunts, tips, or the Grand Prize/Jackpot. Organizations can keep their customers happy by giving them a consistent, bug-free user experience.
Web Roadmap
Task | Timeline |
---|---|
Revamp the design of the BLT website, starting with adding the designs to the Figma file. | Q1 2023 |
Work on the front end of the website. | Q1 2023 |
Implement upvote and downvote feature for issues. | Q1 2023 |
Add ability to tag a domain to see a list of OWASP project domains. | Q1 2023 |
Fix the invalid link on the automated issue generated by BLT. | Q1 2023 |
Address Reflected Cross-Site Scripting (XSS) and HTTP ERROR 500 issues. | Q1 2023 |
Address hidden issues. | Q2 2023 |
Design a new backend for the company. | Q2 2023 |
Set up pages in Tailwind. | Q2 2023 |
Set up “add to project” in the Flutter repo. | Q2 2023 |
Add ability to monitor a URL for changes or deletion of a keyword. | Q2 2023 |
Implement a trademark search. | Q2 2023 |
Match up websites with a trademark search. | Q3 2023 |
Allow someone to check a website to see if the keyword is removed. | Q3 2023 |
Allow someone to monitor a keyword and get alerts about it. | Q3 2023 |
Implement rate limiting for posting issues and in general for the website/API. | Q3 2023 |
Address Chinese language issues and fix Figma. | Q3 2023 |
Label the purpose of all Pipfile dependencies and HTML files. | Q3 2023 |
Convert designs to HTML and integrate them into the website. | Q3 2023 |
Create a bug report email notification system for company followers. | Q3 2023 |
App Roadmap
Task | Timeline |
---|---|
Prepare and move the Flutter app to the OWASP/BLT-Flutter repo | Q1 2023 |
Improve app navigation behavior and stack management | Q1 2023 |
Implement “rotate not lock” feature for tablets and larger devices | Q1 2023 |
Fix compile SDK version error when running “flutter run” command | Q1 2023 |
Fix site button on Company Detail Page to open URL in external browser | Q1 2023 |
Fix incorrect score on profile page | Q1 2023 |
Implement custom function for copying images from clipboard | Q2 2023 |
Add “check for duplicates” feature when reporting an issue | Q2 2023 |
Fix onboarding screen loading issue | Q2 2023 |
Show liked and flagged issues in user profile | Q2 2023 |
Fix null value check error when clicking “Explore anonymously” on welcome page | Q2 2023 |
Fix issue with posting issues | Q3 2023 |
Add more information to issue list screen | Q3 2023 |
Fix issue with push notification warning | Q3 2023 |
Implement Company Dashboard | Q3 2023 |
Implement Pricing Page | Q3 2023 |
Implement Social Page | Q3 2023 |
Integrate pricing/plans page | Q3 2023 |
Implement receiving sharing intent | Q4 2023 |
Design wireframes for the business side of the app | Q4 2023 |
Add designs for dark theme and implement theme manager | Q4 2023 |
Start app internationalization and localization (l10n) | Q4 2023 |
Design and build the company side part of the app | Q4 2023 |
Bring the app to MVP level for both Android & iOS | Q4 2023 |
Contributing
This is a call for contributions to BLT. If you find a bug or have an improvement, you can report it using BLT itself. To get started, please check out our Contribution Guidelines; we also maintain a list of issues tagged “good first issue” to help newcomers get started. To make sure your contribution is linked to the relevant issue, use the button on the right of the issue to create a new branch for it. If you want to take ownership of an issue, comment “assign to me” or /assign to assign it to yourself. You can also join our OWASP Slack Channel and ask questions in the #project-blt channel. Involvement in the development and promotion of OWASP BLT is actively encouraged, and you do not have to be a security expert or a programmer to contribute; contributing benefits both the project and the contributor. Contributions are always welcome and appreciated! Some of the ways you can help are as follows:
Here is the recent news about the BLT project:
- May 24, 2023: BLT becomes an OWASP production project
- May 10, 2023: BLT participating in GSoC 2023
- September 12, 2016: BLT becomes an official OWASP project.
- July 18, 2016: The project was submitted to be an OWASP project.
- May 9, 2016: Logo created.
- December 8, 2015: A friend of OWASP suggested that the project become an OWASP project.
- January 12, 2012: The idea was born to have a website to make a game out of bug finding, and the first mockup was created.
In addition, BLT has participated in the Google Summer of Code program for the last 4 years:
- 2023 https://owasp.org/www-community/initiatives/gsoc/gsoc2023ideas
- 2022 https://owasp.org/www-community/initiatives/gsoc/gsoc2022ideas
- 2021 https://owasp.org/www-community/initiatives/gsoc/gsoc2021ideas
- 2020 https://owasp.org/www-community/initiatives/gsoc/gsoc2020ideas
Other news about the BLT project that we didn’t include:
- BLT v1.0 was released on May 5, 2020, with significant enhancements and new features.
- In 2020, BLT was selected as one of the 12 projects for the OWASP Incubator Project Initiative.
- The project has a vibrant community and continues to receive regular updates and contributions.
Frequently Asked Questions (FAQs) about OWASP BLT:
- What is OWASP BLT? OWASP BLT (Bug Logging Tool) is a free and open-source web-based application that allows anyone to report software or hardware bugs found on any website.
- How does OWASP BLT work? Users can submit a bug report through the BLT platform, and they can earn points for each bug they find. Companies can launch their own bug hunts and reward users for finding issues on their websites. Bug hunters can win money through company-sponsored Bug Hunts, tips, or the Grand Prize/Jackpot.
- Who can use OWASP BLT? OWASP BLT is available for anyone to use, regardless of their technical background.
- How do I report an issue using OWASP BLT? To report an issue using OWASP BLT, you need to:
  - Create a user account to log into BLT.
  - Describe the software or hardware bug you found.
  - Attach a screenshot of the bug.
  - Submit the information.
- How can I win rewards for reporting bugs on OWASP BLT? You can win rewards by participating in company-sponsored Bug Hunts, where you can earn prize money known as tips. The prize pool can include a Grand Prize/Jackpot, and in some cases, there may be “heists” where each bug is worth a specific amount based on what the company sets.
- How are bugs verified on OWASP BLT? Bugs are verified through a community-driven process, where other users can verify the issue, and the company can confirm the validity of the bug report.
- What kind of bugs can be reported on OWASP BLT? Any kind of software or hardware bug found on a website can be reported through OWASP BLT, including security vulnerabilities, broken links, incorrect display of content, and more.
- Can organizations launch bug hunt programs with prize pools using OWASP BLT? Yes, organizations can launch their own bug hunts and reward users for finding issues on their websites.
- Is OWASP BLT free to use? Yes, OWASP BLT is free and open-source software licensed under the GNU Affero General Public License 3.0.
- How can I get involved with the OWASP BLT project? Contributions to OWASP BLT are always welcome and appreciated! You can check out the Contribution Guidelines for more information, or join the OWASP Slack Channel and ask questions in the #project-blt channel. You can contribute to the project by offering your skills and expertise, such as research, writing, graphic design, or project administration.
- Can non-technical people participate in the OWASP BLT project? Yes, non-technical people can participate in the project. The project needs different skills and expertise at different times during its development. Currently, the project is looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.
- How can I use ChatGPT to contribute to the project? OpenAI’s ChatGPT can be a helpful tool when it comes to assisting with projects like OWASP’s bug logging tool. As a large language model trained on a variety of sources, it can generate human-like text based on the inputs provided to it. You can use it to facilitate many parts of your development process, including but not limited to troubleshooting, code generation, documentation writing, and testing. Here is a detailed way to approach this:
  - Development Phase:
    - Code Reviews and Troubleshooting: ChatGPT can provide advice on code optimization, best practices, and debugging. You can ask it for input on your Django, Flutter, JavaScript code, or any other language’s code.
    - Code Generation: For quick prototyping or generating boilerplate code, you can ask ChatGPT to generate snippets. For example, you might need a quick Django model or a Flutter widget.
    - Documentation: Writing documentation can be time-consuming. ChatGPT can help by generating documentation based on your code and requirements. You simply need to provide a clear description of what the function or component does, and ChatGPT can help generate an appropriate documentation comment.
  - Testing Phase:
    - Generating Test Cases: You can ask ChatGPT to help you brainstorm and generate various test cases to ensure your code works as expected under different circumstances.
    - Writing Test Scripts: Similar to code generation, you can ask ChatGPT to help you write test scripts. Provide a clear description of the test, and it can generate a basic test script for you.
  - User Support:
    - User Queries: You can integrate ChatGPT as a part of your support team to respond to user queries. You would need to train it on your specific product using Reinforcement Learning from Human Feedback (RLHF) so it can answer queries accurately and contextually.
  - Project Management:
    - Generating Reports: You can ask ChatGPT to help you generate progress reports, or any other text-based reports. Provide it with the necessary data and a brief about what the report needs to convey.
    - Communication: You can use ChatGPT to help draft project updates, emails, or any other communications you might have with stakeholders.
  - GitHub Action:
    - Automating Tasks: ChatGPT could be used in a GitHub Action to automate various tasks. For example, it could be used to automatically generate release notes based on merged PRs, or to check for specific code style in PRs.
  - Browser Extension:
    - User Interface: You can use ChatGPT to assist users on the extension. For example, you might use it to help users navigate the extension or troubleshoot problems. It could also be used to generate helpful suggestions or tips based on the context of the user’s current webpage.
Remember that GPT-4, like all AI models, is a tool that can assist with various tasks, but it won’t replace human judgment and expertise. Always review and consider the suggestions it provides, and don’t use it for sensitive tasks without appropriate checks in place.
Remember to comply with OpenAI’s use case policy and ensure that the usage of ChatGPT is ethical, privacy-preserving, and secure.
Donate
Donating to OWASP BLT is a great way to support the project and ensure its ongoing development. Your donation will be used to cover expenses related to hosting the project’s infrastructure, organizing events, and promoting the project to a wider audience. By donating, you’re helping to keep OWASP BLT free and open-source for everyone to use, and you’re supporting the growth of the project. Every contribution, no matter how small, is greatly appreciated and goes a long way in helping the project reach its full potential.