I <3 Bots!

Keyword - todo


Tuesday, October 16 2007

Stuck at data-flow? Do box-modeling!

Since yesterday, I've been working on a data-flow problem. I need to model a function and I should do the whole data-flow process. Well, that's kinda long if I have to do that on all functions, especially as I will never use much of the information I would generate by analyzing the tree associated with the function (local variables etc.). So what's the point of doing that? None.

I was stuck at this point, didn't find a good way to model a function (entry parameters, global calls etc.) so I thought of reasoning as a crystal ball. I can see what it is, but it's kinda blurry :) I am now modeling a function as inputs and outputs, only in terms of functions and global variables interaction. By this, I should be able to see the possible interaction of the given function on the system. Hope it's gonna work well!
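An added illustration of the box-modeling idea, not code from this blog or from Grabber: it summarises each function only by its inputs, the globals it reads or writes, and the functions it calls, dropping local variables. Python's `ast` module stands in for the parser (the post does not name one), and `box_model` and `SAMPLE` are hypothetical names.

```python
import ast

# Constructed sample module (not from the post) to summarise.
SAMPLE = '''
counter = 0
cache = {}
def log(msg):
    print(msg)
def handle(request, user):
    global counter
    tmp = request.strip()
    counter += 1
    cache[user] = tmp
    log(tmp)
    return render(tmp, counter)
'''

def box_model(source):
    """Summarise each top-level function as a box: inputs, global reads/writes, calls."""
    boxes = {}
    for fn in (n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)):
        a = fn.args
        params = [p.arg for p in a.posonlyargs + a.args + a.kwonlyargs]
        params += [p.arg for p in (a.vararg, a.kwarg) if p]
        declared, stored, loaded, mutated, calls = (set() for _ in range(5))
        for node in ast.walk(fn):
            if isinstance(node, ast.Global):
                declared.update(node.names)
            elif isinstance(node, ast.Name):
                (loaded if isinstance(node.ctx, ast.Load) else stored).add(node.id)
            elif isinstance(node, ast.AugAssign) and isinstance(node.target, ast.Name):
                loaded.add(node.target.id)   # x += 1 also reads x
            elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
                calls.add(node.func.id)      # method calls on objects are ignored here
            elif (isinstance(node, (ast.Subscript, ast.Attribute))
                  and isinstance(node.ctx, ast.Store)
                  and isinstance(node.value, ast.Name)):
                mutated.add(node.value.id)   # g[k] = v or g.attr = v changes g
        local = set(params) | (stored - declared)   # locals are hidden inside the box
        boxes[fn.name] = {"inputs": params,
                          "reads": sorted(loaded - local - calls),
                          "writes": sorted((stored & declared) | (mutated - local)),
                          "calls": sorted(calls)}
    return boxes

if __name__ == "__main__":
    for name, box in box_model(SAMPLE).items():
        print(name, box)
```

The local `tmp` never appears in the summary, while `cache[user] = tmp` is still reported as a write to the global `cache` even though no `global` statement names it.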

Thursday, January 11 2007

What I want to do for early 2oo7.

Even if I'll be busy with papers and tests, I really would like to do different things:

  1. Grabber: Adding some encoding stuff for testing with different types of charsets (UTF-7/8/16 and other types of languages)
  2. Create a JavaScript functional analyzer: I've been thinking about this for a while; I think this is a good idea to detect XSS. I was thinking of using Stratego/XT for the parsing/AST construction; but still, because it's JavaScript, it's really hard to parse every possible thing.
  3. XSS Handler: Just for fun, I want to do a PHP function for preventing XSS (using mb_strings) and the same kind of thing in Python

Wednesday, January 10 2007

Test Suites for Web Application Scanners

For a while, I've been working on a test suite for evaluating web application scanners. Now I have a test suite (PHP/MySQL/AJAX) with a bunch of variable vulnerabilities:


But there is a problem for a full evaluation. Web applications are not only a simple schema of scripts, databases and complex relations; there is also server configuration, infrastructure, different types of databases etc. Thus, I really have to create different test suites for a good coverage of what web apps could be.
I plan to use:

  • Ruby On Rails framework
  • ASP.NET/MS SQL based application
  • JSP application


This should cover the different types of applications, but I still have to think about server types, architectures, multiple databases etc.

Monday, December 18 2006

Application to test

For a study I'm looking for some "famous" open-source web applications in PHP.
The first two I have selected are two CMSs:

I also need to select some well-known applications; I can think of twatch, phpmyvisites etc., but I really have to make up my mind about any restrictions on the applications I need to "test".

Monday, December 11 2006

Updated todo list...

  • Add the possibility to isolate a type of vulnerability in the test suite
  • Add the different encoding-based attacks in Grabber

Thursday, December 7 2006

todo

  • Add the different encoding-based attacks in Grabber
  • Write a tutorial on File Inclusion attacks for the test suite application
  • Release versions of Grabber that are not "developer versions" but really usable