GSoC 2014 - The end

Published on Monday, 18 August 2014 in Gsoc 2014, Python ; tagged with gsoc, 2014, project, owasp, owtf, security, pentest, python ; text version

Every story has an end. The GSoC 2014 is now over. I sent my final report a couple of hours ago and now I wait for their verdict.

If you haven't read my previous posts of GSoC, I spent the last couple of months working for OWASP, on their OWTF project. It aims to provide an efficient approach to combine the power of automation with the out-of-the-box thinking that only a human being can provide.

My job? Implement an automated ranking system that will help the user to focus her/his attention on the most likely weak areas of a web application or network first.

I said that every story has an end but this one hasn't reached it yet! Though the GSoC has come to its end, I am staying around for a while and that is for sure.

I realize that a long post is too often boring. I even find it difficult to read some of the previous posts relating to the development of my project. Therefore I will try to keep this one short and concise.

Continue reading

GSoC 2014 - 3rd month

Published on Wednesday, 02 July 2014 in Gsoc 2014, Python ; tagged with gsoc, 2014, project, owasp, owtf, security, pentest, python ; text version

The third month of GSoC 2014 is now over. Sadly I had a lot of exams these last couple of weeks (school projects, oral presentations, theoretical exams, etc.) which means that this post will be brief.

Nevertheless, I managed to enhance PTP's architecture and I think this could be interesting. I also completed the documentation of the project using Sphinx, not that anyone cares.

Continue reading

An extra argument on a flexible decorator

Published on Wednesday, 25 June 2014 in Python ; tagged with python, decorator, function, extra, argument ; text version

Recently, I worked on a fix for an issue that was reported on OWTF's GitHub page, which shows that OWTF had some permission errors that were not well processed.

After the first two attempts to fix that bug (which were not satisfying in my opinion), I proposed another solution that is cleaner and more stable.

My fix requires decorating some basic Python I/O functions in order to intercept the OSError and IOError and properly exit OWTF.
Since the project is multithreaded, not catching such errors would freeze the program (that is what was happening in the issue I mentioned above).

I thought I could show how the fix works and how I added an extra argument to these I/O functions.

Continue reading

GSoC 2014 - 2nd month

Published on Monday, 09 June 2014 in Gsoc 2014, Python ; tagged with gsoc, 2014, project, owasp, owtf, security, pentest, python, javascript, js, jquery, library ; text version

It is time for the second monthly post about my GSoC project, which is to implement an automated ranking system for OWASP - OWTF.

Today I am going to show the last modification I have done on the classful plugin system. Then I present my new library that aims to be the solution for my project, PTP, and I finish with the new OWTF plugin report template that I have created.

Continue reading

Partial commit with Git

Published on Saturday, 10 May 2014 in Trick ; tagged with trick, git, add, patch, commit ; text version

Have you ever been in a situation where you are constantly using a tool and you feel like it misses an important feature for you?

Well, a couple of days ago I felt like you with Git, but not anymore thanks to `git add --patch`!

Continue reading

License WTFPL2