Well, I'm back from (sometimes) sunny Shetland. Thanks to some rain and a laptop I'd taken, I got some work done on a tool I've started developing for my SANS GSOC gold paper.
RoraScanner is an Oracle 10G security scanner written in Ruby. I'm enjoying writing it at the moment as it's let me develop my Ruby skills and my Oracle skills at the same time.
Hopefully it'll also become a reasonably useful security scanner!
Well, like some others in the security blogosphere, I'm off on my holidays for the next couple of weeks to lovely Shetland. Nice place, but not renowned for the density of its Wi-Fi hotspots, so I'll probably be offline for a bit...
Matasano Chargen Random Thoughts On OWASP
One of those times when I start writing a comment on a post and end up rambling for so long that it ends up being worth a post...
--
I'll chime in on the "OWASP needs some staff" line. I know they've got loads of great people running it, but I reckon they could benefit from some people to focus on specific areas of OWASP.
A good example: the website. Wikis are great for some types of site and information, but personally I think that finding things on the current OWASP site is harder than it should be.
The only way that I've found to tell what's happening on the site seems to be to look at the wiki recent changes list, which isn't a very user-friendly experience.
Also, some of the great information that is on there is not well flagged up. An example would be this page, which has a really cool list of web app. security stuff, but I only found it digging through the diffs; usually I wouldn't think to go into a specific chapter to find that.
Another example, where I think a permanent staff member would be useful, is administering the SPOC projects and chivying the people assigned to them for updates.
Right now it's rapidly turning into a summer/autumn of code, not spring ;o). The status page that's gone up has all the projects at 0% complete!
All in all I think OWASP are doing some great work, a lot of which may be less appreciated 'cause it's not as discoverable as it could be...
I've had to switch comments and trackbacks off on the blog at the moment. Turns out that my little converted NAS box that I've moved over to is great at static content but not so good at CGIs, so when comment/trackback spammers hit it a lot it overheats!
Going to look into maybe moving the blog to a hosted solution, so hopefully get all back to normal when that happens...
Edit: I've tried something which *may* sort the problem, so comments are back on for now...