Sunday, 10 February 2013

Getting started on creating an HtmlAgilityPack-based Sanitizer (as a stand alone module)

As sent to the owasp-dotnet list, here is what I think are the first steps required in order to create an HtmlAgilityPack-based Sanitizer assembly (as a stand alone module).

VisualStudio 2010 crash

This shouldn't happen inside this VisualStudio dll:

Using ContractAttributes to let ReSharper engine understand null checking methods

One of my favorite Extension Methods in FluentSharp is the .isNull() which will return null if the object it is used on is null.

Saturday, 9 February 2013

Running linux on the browser using jslinux

This is simply amazing, at http://bellard.org/jslinux/ you can run Linux on a browser:

Webinar: Why Software is Still Insecure

Ed and Charles (from SI) are doing a webinar on Feb 20th about why (in most cases) the software industry has not (yet) figured out how to integrate security into the software development lifecycle (in a repeatable, measurable and visible way).

I couldn't agree more and I’m looking forward to hearing what they have to say :)

You can read more about it and register here

What does the .html() FluentSharp Extension Method do

Well it gets the HTML code of a particular URL :)

And it does the same thing as the FluentSharp BCL's .GET() extension method.

Friday, 8 February 2013

OWASP O2 Platform v5.1 is now available

I just published version 5.1 of the OWASP O2 Platform which you can download from here (hosted at Google Code downloads)

O2 Script to create Google Static map with OWASP UK Chapter locations

There is a thread at OWASP UK about organizing the OWASP EU conference for 2014, and one of the questions asked was ‘where are all the UK chapters located?’

Thursday, 7 February 2013

Tool - View .NET Assembly References Mappings.exe

Here is a ‘simple’ .NET mini-tool that shows two TreeViews with .NET assembly reference dependencies (I used it today to figure out how many dependencies a particular dll had).

You can download this O2 Platform tool from: Tool - View .NET Assembly References Mappings.exe (5Mb)

First batch of questions for .NET Developer contracting work

Regarding the two 6-month contracts to work on TeamMentor (QA and Dev), here is my first batch of questions to the candidates:

Wednesday, 6 February 2013

Me and Jim Manico

I really like Jim. He is passionate, loves OWASP and has great energy.

Although he is from Hawaii, he has Italian Sicilian blood, which means that his first reaction tends to be a bit off-piste. But he listens well, he has an amazing breadth/depth of technological skills and is (like me) trying to change/fix the world.

These days, since I'm not in any position of power at OWASP (I left the Board two years ago), I am in a very privileged position where I can speak freely about my ideas (see You will not have your best ideas when you are in a position of Power). And as you can see by the 46 posts (so far) on this blog about OWASP I have been doing that a lot :)

Running Minecraft on Raspberry PI

Raspberry PI is amazing!!!!!!!!

Last week I got one of the PI kits + books, and am having a great time teaching my kids how to use it (and how to write games like PacMan using Scratch).

Of course, what my 7-year-old really wanted was to play Minecraft on the PI, and although there is no 'official' release (even the 'unofficial version' was removed by the author), I was able to get it to work using the instructions at Raspberry Pi - Install Minecraft - leaked pre release.

RazorEngine is a great way to parse and render ASP.NET Razor views

I've been trying the RazorEngine on TeamMentor to parse Razor CSHTML files, and I'm very happy with it so far.

Basically, RazorEngine is what Microsoft should have created in the first place: a simple way to parse and render C#-powered Html Razor views. See the examples at http://razorengine.codeplex.com . As a comparison, take a look at What a 'salad of DLLs' are the ASP.NET MVC 4.0 template projects.

RazorEngine was created by Matthew Abbott from FidelityDesign, who seems to be as crazy as I am. For example, see his A Tale of Epic Epicness… post :)

If only I could get Matthew to take a look at the OWASP O2 Platform and its C# REPL environment, I'm sure he would love it :)

Call For Training - OWASP 2013 LATAM Tour

Please see below Kate's email about the amazing OWASP Tour that they are organizing in LATAM. As the guy who did the first OWASP Tour, I'm very happy to see that this idea is finally taking shape.

Now if only we could do the same around Europe :)

Btw, if you are in Latin America (or want to go there), this is a great opportunity to be involved.

SRE and Package HtmlAgilityPack Sanitizer as a stand alone module (at OWASP .Net)

Here's an email I wrote to Jim Manico on the owasp-leaders list about Microsoft's SRE (Secure Runtime Engine), which is part of the WPL Web Protection Library http://wpl.codeplex.com (where AntiXSS comes from), and the Sanitization/Encoding capabilities of the HtmlAgilityPack.

tl;dr: There is a good opportunity for OWASP to be involved since there doesn't seem to be a clear solution out there (at the moment).

JetStrap - Great way to create BootStrap CSS

Just found JetStrap, which is a web-based WYSIWYG editor for Bootstrap CSS.

Here is a video that shows it in action:

Sunday, 3 February 2013

REPL GUI for Clojure-CLR (C# port of Lisp’s Clojure)

Here is a script/tool I wrote a while back (when I wanted to see what Lisp was all about), where I created a REPL GUI based on the amazing Clojure-clr project (which is a CLR port of Clojure).

You can download this O2 Platform tool from: Util - Clojure-clr REPL (Lisp) v.2.0.exe

This is a 9Mb standalone exe (only requirement is the .NET Framework 4.0 running on a Windows box):

Saturday, 2 February 2013

Real-Time Write to WebBrowser showing WCF REST API page, using HttpContext.Response, from C# REPL Script

In this post I will show a powerful technique for ASP.NET Debugging/Programming, where the Web C# REPL that I recently added to TeamMentor is triggered from a WCF REST API, in such a way that the HttpContext can be programmed in real-time, with the added bonus that the HttpContext.Response OutputStream stays open (and can be written to multiple times).

It all starts with a new TeamMentor REST API method called ‘/admin/scripts/{name}’ :

Friday, 1 February 2013

Manipulating Asp.NET Session Variables (from the server)

Based on this code sample List all active ASP.NET Sessions from StackOverflow, I wrote the following script, which uses reflection to access and modify Session values, from current ASP.NET users:

Using CSharp Web REPL from TeamMentor Control Panel

I needed to do some live debugging on TeamMentor, so I just added a simpler version of the CSharp-REPL Web to it.

To access it, go to TeamMentor's Control Panel and click on the C# REPL link: