  • Google Releases a Web-App Case Study For Hackers
    05/06/2010 11:56AM

    As reported on Slashdot:

    "The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities."

  • 7 Phases of a Project
    04/16/2010 8:37PM

    As more and more friends of mine move over to government work, I was reminded of the 7 phases of a government project:

    1. Exultation

    2. Disenchantment

    3. Confusion

    4. Search for the guilty

    5. Punishment of the innocent

    6. Accolades for the uninvolved

    Enjoy. ;)

  • Couple of business networking sites
    04/12/2010 2:52PM
  • Google releases free security scanner tool.
    03/21/2010 12:56PM
    As reported on slashdot.org, Google has released a free web application security scanner called SkipFish.
  • On Fedora Core 12, SELinux, Apache and formVista
    03/10/2010 6:10PM

    I tend to create my own directory hierarchies when I set up new websites.

    I recently switched to the Fedora Core 12 desktop Linux distribution for my development environment. When attempting to install formVista using the setup program I wrote, I kept running into weird permission denied errors.

    It turned out to be an SELinux policy violation. I had not set the required SELinux "type" on my custom "html" directory.

    Instead of just disabling SELinux, I did some searching around and determined I needed to add the "httpd_sys_content_t" type to my directory.

    chcon -Rt httpd_sys_content_t html

    which basically says add the "httpd_sys_content_t" type to everything in the html directory.

    There's a nice SELinux administration tool available for Fedora Core 12 which lists out all the various settings available and it was instrumental in helping me find the correct setting. It's called system-config-selinux and is part of the policycoreutils-gui package.
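
To confirm that a relabel like the chcon above reached every file, the following added example (not part of the original post) scans "context path" lines for entries whose SELinux type is not httpd_sys_content_t. The sample listing is constructed, and /srv/www/html in the comments is a placeholder path.

```shell
#!/bin/sh
# Audit a web root for files Apache cannot read because of their SELinux type.
# Input format: one "context path" pair per line, as printed on a live system by
#   find html -exec stat -c '%C %n' {} +

WANT_TYPE="httpd_sys_content_t"

# selinux_type CONTEXT: print the type field of user:role:type[:level].
# The level may itself contain colons (s0:c0.c1023); the type is always field 3.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# mislabeled: read "context path" lines on stdin and print every path whose
# type differs from WANT_TYPE. Paths containing spaces are kept whole.
mislabeled() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        [ "$(selinux_type "$ctx")" = "$WANT_TYPE" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: a custom html directory where two files still carry the
# label they inherited from a home directory.
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:httpd_sys_content_t:s0 html/index.html
unconfined_u:object_r:user_home_t:s0 html/setup.php
unconfined_u:object_r:httpd_sys_content_t:s0 html/css/site.css
unconfined_u:object_r:user_home_t:s0 html/forms/contact.php
EOF
}

sample_listing | mislabeled

# Labels set with chcon are lost when the filesystem is relabeled or
# restorecon is run. To make the type part of the local policy instead
# (placeholder path, run as root):
#   semanage fcontext -a -t httpd_sys_content_t '/srv/www/html(/.*)?'
#   restorecon -Rv /srv/www/html
```
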
