Tuesday, 4 December 2012

F1 How To - Scanning HacmeBank WebServices v0.6 (from 2008)

Another one from the O2 Archives, here is a pdf (shown below) that I wrote in June 2008 that showed how to use F1 (what the O2 Platform used to be called before it was Open Sourced) to scan HacmeBank Website and WebServices

Check out the consolidated graphs that I was able to create at the time. Pretty cool way to visualize multiple traces in one graph :)

The 2nd part of the document, shows how F1 was used to auto-create-callbacks (i.e. tainted sources) in the OunceLabs engine (this feature has since been added to the latest version of IBM AppScan Source)


As you will see at the end (and by version number), I never finished this document....