Carlos Pantelides | 23 May 2013 01:11

[spanish-ar] Test Driven Secure Development <at> agiles bs as (part two)

What: Test Driven Secure Development workshop
Where: MUG Auditorium, Rivadavia 1479, 1st floor, Buenos Aires
When: Wednesday 2013-05-29
Cost: free
How do I sign up: http://www.meetup.com/agiles-bsas/events/120711202/

At the previous meeting (http://www.meetup.com/agiles-bsas/events/118145402/), facilitated by
Carlos Pantelides, we did not get through all of the topics, and there was a lot of interest among attendees in
continuing the activity. That is why we are organizing this new meeting on a special date.

This time we will quickly recap what was already covered, for the benefit of those who did not attend the
first part, and then focus on CSRF, session fixation, and how testing forces us to improve the
application's architecture.

We will also try to start the call for Agile Open Seguridad Buenos Aires 2013, where we will be able to
have a much richer discussion of topics like the one at this meeting.

Carlos Pantelides

 <at> dev4sec

http://seguridad-agile.blogspot.com/


Vadym Bazylevych | 28 Apr 2013 21:32

Help please with installed new version w3af

Good day!
I tried to install the new version of w3af from git, but after installing
all the needed modules I get this error:

Your python installation needs the following modules to run w3af:
    git.util 

On Debian systems please install the following operating system packages before running the pip installer:
    sudo apt-get install git

After installing any missing operating system packages, use pip to install the remaining modules:
    sudo pip install GitPython

I checked the forum and your mailing with other users about this problem.
You say another module is needed. OK. I looked at the modules but did not get a good
result. Please, which version of the GitPython module should I use from this
list:

GitPython-0.3.0-beta1.tar.gz
GitPython-0.1.7.tar.gz
GitPython-0.2.0-beta1.tar.gz
GitPython-0.3.1-beta2.tar.gz
GitPython-0.3.0-beta2.tar.gz
GitPython-0.3.2.RC1.tar.gz

Best regards, Vadym.


Andres Riancho | 10 May 2013 15:09

Practical HTTP Host header attacks - Contributor wanted

Lists,

    After reading "Practical HTTP Host header attacks" [0] I thought
it would be fun to have a plugin that could detect (some of) the
attacks explained there.

    Since I'm focusing on other things over the next weeks, but still
can spend some hours on w3af, I thought that I could mentor someone to
write this plugin. So, if you never wrote a plugin, never read w3af's
source code, etc. and have time to spend doing geeky stuff, answer
this email and I'll mentor you during the whole process of writing the
plugin :)

[0] http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
[1] https://github.com/andresriancho/w3af/issues/314

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter:  <at> w3af
GPG: 0x93C344F3


Carlos Pantelides | 6 May 2013 02:50

w3af on raspberry pi [was: w3af health state]

Andrés,

Thank you for your advice; now you can run w3af headless with a few status LEDs:

http://seguridad-agile.blogspot.com/2013/05/w3af-on-raspberry-pi.html

Carlos Pantelides

 <at> dev4sec

http://seguridad-agile.blogspot.com/

Carlos Pantelides | 3 May 2013 03:52

Monitor w3af from another application

Hi:

In order to use w3af_console from a script and monitor it, I need to get the status of w3af after starting an
exploration. What is the best point? It could be a write() to a file that I would tail; it does not matter what,
but where.

Thank you

Carlos Pantelides

 <at> dev4sec

http://seguridad-agile.blogspot.com/

Paul Bahnmiller | 26 Apr 2013 22:59

py26-gtk obsolete

Hi guys,

I've gone through the instructions returned from w3af_gui, but I keep getting this error:

Your python installation needs the following packages:
    pygtk gtk gtksourceview2 

On a mac with mac ports installed:
    sudo port install py26-gtk 

After installing any missing operating system packages, use pip to install the remaining modules:
    sudo pip install xdot 

When I run sudo port install py26-gtk I get this:

--->  Configuring py26-gtk
Error: py26-gtk has been replaced by py26-pygtk; please install that port instead
Error: org.macports.configure for port py26-gtk returned: obsolete port
Please see the log file for port py26-gtk for details:
    /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_python_py26-gtk/py26-gtk/main.log
To report a bug, follow the instructions in the guide:
    http://guide.macports.org/#project.tickets
Error: Processing of port py26-gtk failed

I'm lost, as I have installed py26-pygtk, and when I run w3af_gui again it loops back around again.

Any help would be appreciated.

Thanks,
Paul
_______________________________________________
W3af-users mailing list
W3af-users@...
https://lists.sourceforge.net/lists/listinfo/w3af-users
w3b giant | 26 Apr 2013 07:23

Need help

Hello

I have installed w3af and configured the necessary plugins. Now I want to test w3af on Metasploitable. I have put Metasploitable on a VM. Please guide me on how I should move forward now.


Thanks

Varun

First run of new w3af version. ImportError: No module named util

Hi friends,

   Could you help me with this?

Traceback (most recent call last):
   File "./w3af_gui", line 109, in <module>
     err_code = main()
   File "./w3af_gui", line 105, in main
     import core.ui.gui.main
   File "/pentest/web/w3af/w3af/core/ui/gui/main.py", line 51, in <module>
     from core.ui.gui.auto_update.gui_updater import GUIUpdater
   File "/pentest/web/w3af/w3af/core/ui/gui/auto_update/gui_updater.py", line 27, in <module>
     from core.controllers.auto_update.version_manager import VersionMgr
   File "/pentest/web/w3af/w3af/core/controllers/auto_update/version_manager.py", line 26, in <module>
     from core.controllers.auto_update.git_client import GitClient, GitClientError
   File "/pentest/web/w3af/w3af/core/controllers/auto_update/git_client.py", line 24, in <module>
     from git.util import RemoteProgress
ImportError: No module named util

How can I fix this?

best regards

Robert

Andres Riancho | 16 Apr 2013 17:32

Merged threading2 into master.

Guys,

    I merged threading2 into master. The threading2 branch will be
shortly removed and you shouldn't use it anymore. The "master" branch
is where you want to be! :D

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter:  <at> w3af
GPG: 0x93C344F3

Andres Riancho | 15 Apr 2013 16:49

Wordpress vulns

List,

    Does anyone know a good source for keeping track of all WordPress (and
WordPress plugin) vulnerabilities?

    I would like to start experimenting with fingerprinting of web
apps, web plugins, and reporting vendor-specific vulnerabilities and
wordpress seemed to be a good place to start. The DB I'm looking for
would contain the following:

For wordpress:
(wp_version, vuln_desc, vuln_id, ...)

For plugins:
(wp_plugin_version, wp_version, vuln_desc, vuln_id,
plugin_source_download_url, plugin_homepage, ...)

    Ideas?

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter:  <at> w3af
GPG: 0x93C344F3

Mostafa Kamel | 9 Apr 2013 17:12

w3af crashed

Hello everyone,
Please, I need help with this error, which makes w3af crash:

Warning: <stdin>:2: string ran past end of line
Warning: <stdin>:3: string ran past end of line
Error: <stdin>:3: syntax error near line 3
context: "<GtkTreeIter at 0x583c220>" >>>  -- <<<  "<GtkTreeIter at 0x5832920>"}w3af_gui: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.