Blog posts on O2 scripts covering: JavaScript, OpenXML, GIT, PuttyGen, RDP, .NET Static Analysis

Here a couple more Blog Posts on O2 Scripting that I published recently at the O2 focused blog http://o2platform.wordpress.com:

• O2 Script: Util - Javascript Object viewer
• O2 Script: Manipulating RadioButtons
• O2 Script: Quick File Viewer
• Making HttpRequest QueryString and Form Editable
• O2 Script: loading data from an Xslx (OpenXml) file
• Decomposing an Lamba method used in an O2 Script
• O2 Script: Installing TortoiseSVN and ProcessExplorer
• O2 Script: Creating a Git Clone using TortoiseGIT
• O2 Script: adding the SSH Key to GitHub
• O2 Script: automating PuttyGen to create Public and Private Keys
• O2 Script: Automating TortoiseGit installation
• Custom O2 for .NET Static Analysis
• O2 Script: Testing for RDP server
• Running Javascript in O2's IE Automation environment

If you want a way to start on your C# based O2 scripting activities, documenting some of these scripts, would be a great activity :)  This would really help you to understand how they work.

Working with SI on Team Mentor and OWASP projects

In a model very similar to the contracts I had previously with Ounce Labs and ABN AMRO, I recently signed a professional services contract with Security Innovation

This is quite an exciting opportunity for me. Not only I'm going to be working with great people, the TeamMentor project has lots of potential and the SI guys seem very interested in O2.

Here are my areas of responsibilities (verbatim from my contract):

• TeamMentor Product Development - Taking full responsibility for the TeamMentor product
• TeamMentor Metrics - Understanding and visualizing how the product is currently used
• SI Community outreach - Representing SI in the industry
• Leadership of OWASP Projects: OWASP Exams, OWASP Certification, OWASP Academies, OWASP SDL Implementation project
• Presentations at OWASP , developer’s Conferences (TBD) or WebCasts (TBD)
• Blog and article creation
• O2 Integration with SI Product and services - Introduce SI teams to O2 capabilities and features

An interesting note, is the fact that this is one of the first times that my OWASP involvement is directly mapped into one of my contracts.

My initial focus is going to be on the TeamMentor product, which should keep me busy for the first month(s).

What is also VERY interesting 'from the point of view of Application Security', is that I am now going to be directly involved and responsible for an application's security (so if you find a vulnerability in TeamMentor please email it to me ASAP :) ).

This relationship will also (occasionally) put me in a position where I am representing an 'vendor'. This is going to force me to be very disciplined in my OWASP relationships, and I will want to take this opportunity to clarify the 'OWASP-rules-of-engagement' between commercial parties and OWASP (something that today is a very fuzzy area)

Let me know what you think of this, and (since it will change quite a bit) keep an eye on TeamMentor :)

O2 Script: DWR FunctionsViewer and Invoker

If you are using (or testing) DWR, you might find the O2 scripts I just published quite interesting and useful:

• Here is an initial blog post that explains the new GUI: http://o2platform.wordpress.com/2011/03/07/o2-script-dwr-functions-viewer-and-invoker
• Here is the API that processes the DWR Javascript interfaces and creates a number of O2 objects that allow its easy manipulation and invocation: DWR_API.cs

There are quite a number of powerful O2 techniques at play here. For example note the use of the HtmlAgilityPack to quickly fetch the details of a web page's links, or the use of Jint (Javascript Interpreter for .NET) to access the AST of the dynamically created DWR's Javascript pages (which contain the details of the java functions that can be involved on the server)

Note: DWR is a Java/Javascript AJAX-powerhouse Web Remoting technology (see http://directwebremoting.org for more details)

O2 Scripts: Adding sites to IE zone, Registy Editor, Workpress Editor, Downloading files

Recent blog posts on O2 Platform's developer's blog that show a number of O2 Scripts in action:

• Using WatiN as a browser automation engine
• O2 Method: Adding sites to IE trusted zones
• O2 Script Sequence: Creating a Windows Registry Viewer
• O2 Util: Add sites to IE trusted zone
• O2 Util: WordPress Editor 
• O2 Script: Downloading File

I'm happy to provide more details on these scripts, so just add a comment on where you have questions and I will answer it there