Hunting for web application vulnerabilities

Submitted by Anonymous Coward
An anonymous reader writes "As some of you may, or may not, be aware, web application security is a major concern for many organisations, as a vulnerable web application can, and almost certainly will, be abused, leading to the possible compromise of the confidentiality, integrity, or availability of assets. Recently, a new version of the Arachni Web Application Security Scanner Framework was released. This brings with it a huge list of features that were previously unavailable from any other free or open source web application security software. In short, the major feature addition, and the item that makes it stand out in the crowd of automated security scanners (even some commercial ones), is its unmatched support for modern technologies such as HTML5, DOM, JavaScript, and AJAX, thanks to the implementation of a full headless web browser. For any experienced penetration testers, fresh hackers wanting to learn, or even those just wanting to improve the security of their own organisations' web applications, it's definitely worth checking out."

Security Assessments of Modern Applications Made Accessible by Arachni v1.0

Submitted by Zapotek
Zapotek (1032314) writes "With web application security breaches being all the rage, the situation was further worsened by the lack of open systems that can accurately assess the security of modern web applications. Today's requirements for HTML5, DOM, JavaScript and AJAX technologies meant that automated security assessments of modern applications could only be performed via closed-source and prohibitively priced products, as their free and open-source counterparts were severely lacking in support for such advanced features. However, with the breakthrough release of Arachni Framework v1.0, there is now a free and open-source system that not only has adequate support for the necessary features, but surpasses even the most established commercial products at common industry security benchmarks.
(Full disclosure: I am Tasos Laskos, the founder and lead developer.)"

Arachni v1.0, the F/OSS webappsec scanner with integrated browser environments

Submitted by Zapotek
Zapotek (1032314) writes "In the world of web application security scanners, the disparity in crawl coverage and vulnerability detection has always been rather significant between commercial offerings from big names such as IBM and Hewlett-Packard and F/OSS projects; this was in no small part due to the fact that F/OSS systems have been severely lacking in support for modern technologies, such as HTML5/JavaScript/AJAX/DOM. The Arachni Framework v1.0 has now crossed that line and is the first F/OSS system to support such complex features, allowing it to surpass even the most established commercial offerings in vulnerability coverage, detection and accuracy. In an effort to make a quality security scanner available to all, we would like to invite penetration testers and administrators to try it, provide us with their valuable feedback and generally get the word out. Thank you in advance, Tasos Laskos, founder and lead developer."

Comment: Re:Bah humbug censorship (Score 1) 307

by Zapotek (#47848161) Attached to: Responding to Celeb Photo Leaks, Reddit Scotches "Fappening" Subreddit
The examples I gave were successful in demonstrating a high-risk situation vs a low-risk one, and that adults should be able to assess these sorts of situations properly.

Nowhere did I suggest that people be IT professionals, as it's not about the cloud nor any other intricate technicality, but I simply stated that you should flat out not create documents of any sort that can be damaging to your image, if that image is important to you. Someone hacking your account, someone stealing your phone or laptop, you forgetting your phone at a park bench, you accidentally sending them to the wrong person and a myriad of other reasons should discourage you from putting yourself at risk without any real benefits. Those people have spectacularly failed at that, so part of the blame goes to them, as well as to the people who violated their privacy, if we want to be realistic.

You called them hapless, you accounted them no responsibility, essentially treating them as non-people. Is that really the right way to treat healthy adults?

Finally, your post makes it sound like I'm on some sort of a crusade against them or as if I were defending the people who both broke valid laws and violated someone else's privacy, which I absolutely did not. Your excessive defensiveness and offensiveness stems from your own issues man, don't put that on me.

Comment: Re:Bah humbug censorship (Score 0) 307

by Zapotek (#47847245) Attached to: Responding to Celeb Photo Leaks, Reddit Scotches "Fappening" Subreddit
Quit with the black and white stuff, it's not that clear-cut. If you walk past a neighborhood which is known for its high criminal activity wearing a Rolex, holding a $600 iPhone in one hand and a $2000 laptop in the other, then yes, it obviously is also your fault if you get mugged. The universe does not stand on principles.

The problem is that people (you being a prime example) fail to calculate risk effectively. For example, the risk of someone hacking a PCI compliant institution and stealing my credit card info (from a card with limited funds which I only use for on-line purchases) is low enough that it doesn't dissuade me from making CC purchases -- also taking into account other safeguards.

However, if public image was important to me then I certainly wouldn't store embarrassing pictures of me anywhere. Especially not on a laptop I'd brazenly display while walking past a bad neighborhood -- or someone else's server.

Also, if you're looking to get rubbed[sic] then $1000 in cash would certainly help.

Comment: Re:Transcript... (Score 1, Insightful) 120

by Zapotek (#47761783) Attached to: The Grumpy Programmer has Advice for Young Computer Workers (Video)

I learned that many programmers are musicians or good at various art forms. Which surprised me because I was a good programmer and can't play a musical instrument or do anything artistic at all.

Music is basically counting and patterns, something that should come naturally to most programmers. The music theory jargon can easily go over your head at the beginning, but you don't need to dive into it to actually play music at a basic level, and after you get some practice and a feel for it, the more advanced stuff starts to make sense.

The hard part is actually getting some level of technical proficiency over your instrument of choice; dexterity is rarely useful in real life, but it's the basis of playing most instruments.

If you can whistle a tune you can play music; getting control over the new medium (the instrument in this case) is the biggest issue, as the learning curve is very steep and the fact that you'll initially sound like crap doesn't provide adequate positive reinforcement, something necessary to any learning process.

Also, the fact that the cheap learner instruments sound really bad and are much harder to play than the expensive awesome sounding stuff doesn't help either.

PS: I'm an amateur self-taught guitar player, maybe someone with actual training can provide a better perspective.

Comment: Re:A few issues with this... (Score 1) 595

by Zapotek (#47748467) Attached to: New Nail Polish Alerts Wearers To Date Rape Drugs
Everyone focused on the very personal concern I voiced, which is me being grossed out by the finger dipping approach. No-one touched on the very real issue of whether there were any compromises in accuracy for making this thing work as a nail-polish. For Pit's sake I've got a sister and plenty of female friends and I don't want them to get in trouble just because they trusted a product based on how popular it is, due to people drowning out valid criticisms, like mine.
I don't care if someone claims they've found the cure for cancer, show me the data, then I'll tattoo your name on my forehead.

Also, I don't have to have a better idea to voice concerns, just like I don't have to be a master chef to say that I don't like the food at a restaurant.

Comment: Re: A few issues with this... (Score 1) 595

by Zapotek (#47747861) Attached to: New Nail Polish Alerts Wearers To Date Rape Drugs
How am I shitting on the idea? Criticism is how you get improvement. Also, even if I were shitting on the idea, I'm pretty sure that'd have absolutely zero effect overall. You know this is a public forum right? I don't have veto power over the product, I'm just throwing my concerns out there, lighten up.

Comment: Re:A few issues with this... (Score 1) 595

by Zapotek (#47747829) Attached to: New Nail Polish Alerts Wearers To Date Rape Drugs
I think the subtlety will wear off once this invention becomes common knowledge; if someone can see you dip a strip, they can see you dip your fingers. Actually, I can palm and dip a strip without others noticing, but I can't do the same with my fingers.
And I still can't help but find it gross, and not all drinks have a high alcohol content, and you'd be surprised what's under your fingernails -- cba to find the oblig XKCD.
