Early Morning Security Testing

Partly because it’s relative to an upcoming work project and partly because it’s just plain fun, I’m playing around with new vulnerability scanning tools this morning.

My focus at the moment is expanding my knowledge of web application scanners. I’m pretty well-versed with WebInspect but naturally I’m interested in open source tools, for cost and skill-building reasons.

For starters I needed a web platform to scan. Many moons ago, @NickITSec mentioned Damn Vulnerable Linux (DVL) to me. I’ve tried using it before and failed[1] but at the time the DVL website was in transition, throwing 404’s and 500’s left and right, including the links to the documentation. I tried again last week and hit mostly the same brick wall. My best guess is that they’ve gone “closed source” with the documentation in their attempts to make official training courses and certifications.

That’s about the time I decided any easily available web server platform (preferably with pre-installed apps or other juicy targets) would suffice. I knew I wanted a virtual machine, for all the obvious reasons, and a quick search led me to an awesome LAMP[2] Virtual Appliance. 15 minutes later I was successfully running credentialed and uncredentialed scans against the local apps. The ease of installation, excellent documentation, and the sheer happiness in probing my own network prompted this whole blog post (which has taken about 45 minutes of my time- d’oh!).

If anyone’s keeping track, this morning’s tools are:

  • Websecurify | Verdict: Awesome so far
  • DB Audit | Verdict: Haven’t tried it yet, and it’s a “free trial,” not open source
  • Angry IP Scanner | Verdict: Seems to be perfect; lightweight, and it does just exactly what it purports to do, quickly

[1] Apparently my ego can’t handle not including a footnote when mentioning failure- LOL. I installed it just fine, and was able to use the OS itself, but couldn’t figure out how to perform testing against it from another box on my LAN.

[2] Linux, Apache, MySQL, Perl/PHP/Python

Dear Mr. J K

Dear Mr. J K of 1 Oak St, Arlington, VA 22131,
If you received a PAX East packet in the mail recently, please don’t try to hitchhike to Boston at the last minute thinking you can get in to PAX East. The kind people at InteractiveTicketing are contacting whom I hope to be kind people at Reed Publishing to have them render the badge they sent invalid, and will instead arrange for a valid badge to be available for my privacy-paranoid, fake-address-using, moronic self to pick up at Will Call in Boston.

Of course, I don’t really know where the badges sent in the mail will actually end up. Perhaps they will go to Arlington, VA. Or, perhaps they will go to Santa’s Workshop at the North Pole, or even Area 51, because zip code 22131 doesn’t even compute in the US Postal System. Yes, I research my obfuscations ahead of time for maximum inefficiency.

Since I have your attention, I would like to vent a little more if you don’t mind. My own stupidity now forces me to wait in Will Call with other hapless goobers who put in wrong addresses, bought last minute tickets, or tried to use their PAX East badges to scrape paint off their siding. I’ll be separated from my friends, whom I don’t want to make suffer due to my extreme ineptitude, for the opening of the event -for who knows how long- on the very first day, and that’s what really ticks me off.

Thanks for listening, and sorry about the invalidated badge. In case you want to hunt me down and exact your revenge, I’ve included a photo.
~The Real JK

Pwning the PAX East 2010 Schedule

The last weekend in March I’m going to PAX East 2010 in Boston with a couple of buddies (one of whom is our D&D Dungeon Master, to point out the meta geek factor). I’m über excited- not only have I never attended anything like this before, I’m glad to be taking a trip with friends to do something we want to do. QT is awesome, between supporting my overall geekiness and joining me in Xbox games frequently, but PAX is definitely not her scene.

One buddy pretty much planned the whole trip, from travel research to hotel arrangements, and the other has been researching quality food and beverage resources. So, when I saw the schedule and instantly wished it was in a more ingestible and collaborative format, I realized I could help out the crew by creating said format. Don’t get me wrong, the original schedule is sufficient and fits with the theme of the site. And I don’t doubt that the packet will contain awesome goodies to include a handier version of the schedule. But the packet is still 2+ weeks away and my logic-based, auto-collating geek brain needs a way to figure out what events overlap, minimal travel distance between events, and then synchronize that with the needs of the other two peeps at the convention.

Blah blah blah, I need to remember that this Journal article is singular in purpose: to provide a spreadsheet version of the PAX East 2010 schedule. Are there a gazillion other people doing the same thing? Probably. Could it look better and have more information? Definitely. But if it helps our crew, perhaps it can help someone else.

Here it is in all the formats available to me through Google Docs:
[Original] [Extra Crispy] [HTML] [CSV] [TXT] [PDF] [XLS] [ODS] [ATOM] [RSS]

Enjoy! And PS, this is definitely a rarely-visited blog- my Mom is probably my most-frequent reader (thanks Mom!). If this helps you out, a comment would be awesome.

Wanted: A better way to collaborate multiple attendees’ desired events; something Web 2.0 would be awesome. Any ideas?

Making Contact with Old Friends

Pardon my waves of nostalgia- I’ve started keeping in touch with my old friend Vice, aka Vicevursa, also referenced by his website, Vicesounds. What most quickly comes to mind are his smiling face in our wedding photos (he was a groomsman) and his son’s captivating dance moves at our wedding. Good Times.