More Security Testing
I continued my security testing and responded to a problem about the PAR.
Posted on Thu, 02 Jul 2009 Tags: python
Hacker Repellent
I spent the day looking for security holes in python software on sitar in the cmd directory.
Posted on Wed, 01 Jul 2009 Tags: python
Big Boss
I started the day looking at a fix for the RSS bug that took our site down over the weekend. I got drafted into looking for security holes in some user web scripts. In between I fielded calls assigned to our group and responded to some myself.
Posted on Tue, 30 Jun 2009 Tags: zope
Tests and Fixes
I tested the new diagram submission form (it passed) and then went back to testing and fixing cmlib.
Posted on Fri, 26 Jun 2009 Tags: perl zope
Testing and Looking
I retested the changes for the next par release and looked at the Zope LDAP Manager code to find where LDAP attributes are defined. It turned out to be SchemaDefaults.py.
Posted on Thu, 25 Jun 2009 Tags: par ldap
PAR Time
I checked out a php script for security problems, wrote my par employee comments, and did a project review for my two ldap projects.
Posted on Wed, 24 Jun 2009 Tags: ldap
Security Checking
I finished my security testing. No additional vulnerabilities were found. I talked with Greg about Jared's problems and worked some more on debugging stiki.
Posted on Tue, 23 Jun 2009 Tags: perl
Testing
I sent a new message to Jared documenting the par ldap interface. I finished testing Greg's modifications to the par. Then I went back to my security audit.
Posted on Wed, 17 Jun 2009 Tags: par perl
Par Is Still With Us
I spent the day answering a question by Jared and testing recent changes to the par application.
Posted on Tue, 16 Jun 2009 Tags: par
Security
I looked for security holes in our web applications in order to justify spending more time on this work and it didn't take me very long to find a hole in one of our cgi-bin scripts.
Posted on Fri, 12 Jun 2009 Tags: web