Thursday, 31 January 2013

OWASP Connector January 22, 2013

Here is OWASP Connector for January 22, 2013

Note the request for support for the GSD project which you can read about at OWASP GSD Project (GSD = Get Stuff Done) and Some ideas for OWASP GSD Project

OWASP Connector January 8, 2013

Here is the January 8th OWASP Connector (pretty cool, isn't it?)

Great stuff from the OWASP's OpsTeam:

Wednesday, 30 January 2013

Why Can't We Get Anything Done?

Here are '...16 rules that explain why, despite so much knowing, there's so little doing...'Why Can't We Get Anything Done?

I saw this in the latest of Seth Godin's daily posts, which I get by email every day (the subscription page is here)

HubSpot OAuth Implementation Plans

Following First PoC of TeamMentor integration with HubSpot here is the brief agreed with Justin (a developer I found in elance.com)

HubSpot Integration Plan

Stats used to support OWASP Top 10 entries (next version must publish them)

Following from Should Mass Assignment be an OWASP Top 10 Vulnerability?, if I want to make the case for MA (Mass Assignment) to, for example, replace A10 - Unvalidated Redirects and Forwards, I will need to provide data and analysis to justify it.

Unfortunately, for practical reasons, there is no published data to back up the current OWASP Top 10 entries.

Why NDAs have no place at OWASP

I was looking for a place to link to why it is such a bad idea for OWASP to consider or accept the idea of signing NDAs with 3rd parties, and since I couldn't find it on the OWASP Wiki, I'm reposting here what I wrote in June 2011:

Apigee paid version has ‘PCI and HIPAA compliance’

I was looking at Apigee pricing

Live Meeting crash

Nice:

Google/Trimble SketchUp looks really cool

Just read a review of Google SketchUp, which seems to be a pretty powerful 3D AutoCAD-like tool to design buildings and shapes.

You can download it from here and there is a vibrant community around it here

This could be another way to get kids engaged in programming and coding :)

Saturday, 26 January 2013

'Aaron's Army' and 'Aaron's suicide: System Contributed, Society Perpetuated'

Aaron's death should be a big wake-up call for our industry. It is easy to forget that the crazy computer laws our governments have published (including the UK's CMA) have real consequences.

Aaron's death for example :(  

Please read Aaron's Army, which is a memorial for Aaron Swartz at the Internet Archive.

Jeremiah Grossman also posted an amazing (and personal) post, which is also a must read:
Aaron's suicide: System Contributed, Society Perpetuated

Contract work to help with OWASP Wiki edits

Here is an email I just sent to a couple of contacts that Samantha Groves (OWASP Project Manager) gave me as resources I could use to make changes/edits to the OWASP wiki.

Feedback needed on 'Static Analysis Tool Evaluation Criteria'

Sherif Koussa is looking for feedback on the Static Analysis Tool Evaluation Criteria document he is working on.

This is a really important document/criteria which would help SAST users to know which is the best tool for their needs.

It looks good and I will try to read it in the next week or so.

There is a mailing list which you should join if interested in this topic.

Should Mass Assignment be an OWASP Top 10 Vulnerability?

I was just having a thread with Dave (who is working on the OWASP Top 10 2013) about the idea that Mass Assignment vulnerabilities should be part of the next OWASP Top 10, and here is his view:

Asking the OWASP leaders to help with my request to help Ian

Just sent this request to the owasp-leaders list:

This is a weird request, but there have been some great developments around O2 and IBM which could be great for our industry, and really push this area of research to the next level.

tl;dr: if you complain about the fact that SAST tools like AppScan Source don't really 'work' in the real-world, and wish they could be more customisable, please send your support, ideas, thoughts and requests to ianspiro@us.ibm.com

Please show Ian Spiro your support for his IBM AppScan research, ideas and energy

tl;dr: if you complain about the fact that SAST tools like AppScan Source don't really 'work' in the real-world, and wish they could be more customisable, please send your support, ideas, thoughts and requests to ianspiro@us.ibm.com
---------------------------------------------------------------------------------------------------

Sometimes one has to go on the record and publicly support who deserves it.

Ian Spiro is one of them.

Friday, 25 January 2013

GUI with WebStorm and JsTestDriver controlling 3 Hijacked Browser windows (Chrome, Firefox and IE)

Following from PoC - Selenium - Gui with 3 Hijacked Browser Windows and Running JavaScript TestCase Unit Tests using JsTestDriver (in WebStorm), here is a similar PoC, now with JsTestDriver controlling 3 Browsers in the same GUI:

Running JavaScript TestCase Unit Tests using JsTestDriver (in WebStorm)

As part of the process of adding more UnitTests to TeamMentor (while using WebStorm), I'm starting to convert some of the QUnit Tests written a while back into JsUnitRunner (which I can execute directly from WebStorm's IDE)

The process is quite easy since WebStorm already supports JsUnitRunner, which is explained in detail in this JetBrains JavaScript unit testing support blog post.

Wednesday, 23 January 2013

Trying out SendGrid for cloud-based emailing (with nice intro video)

I need a solution to send emails (TeamCity build events, TeamMentor user's activities, etc…), which basically means that I need an SMTP server.

Looking around it looks like there are 4 solutions:

The power of Static Analysis to create solid code (in this case JSLint)

I just spent some time using JSLint inside WebStorm cleaning up and refactoring TeamMentor's GlobalVariables.js file, so that it shows the much desired green box (top right)

Can Git be used instead of Word's 'Track Changes'?

Absolutely.

Text changes are just a simplified version of source code :)

Here are a number of really amazing 'non-code' things that are happening with Git's content-versioning capabilities:

Great Visualization presentation and style from Hans Rosling

From Arvind's Fantastic data visualizations post, here are two TED videos that show Hans Rosling's brilliant way of presenting lots of data, using powerful visualization tools and animation:

OData ASP.NET Web API: A Mass Assignment vulnerability in the making?

When I saw Getting started with OData services in ASP.NET Web API (via reddit):

Daniel Pradilla on 'Stop punishing your users and learn some design'

Daniel Pradilla has a great post, Stop punishing your users and learn some design, which has also been discussed on reddit

Try F# online (using Silverlight)

Just noticed the http://www.tryfsharp.org/ which looks really good:

Why does YouTube still require Flash in Jan 2013!!!!

I thought Flash was over, and I find it ridiculous that I need to have it just to see a video: