Hello all,
This is mainly going out to those who are interested in the (hopefully) upcoming Security Spin. I want to establish some QA efforts so as to provide a high quality experience to security professionals and hobbyists alike who are interested in the project. I would like to first do a breakdown of test cases for all the security-centric packages involved in the Security Spin, as that is the "bread and butter" of the spin and they are generally "niche" applications which require some sort of expertise or a slightly higher learning curve than your average web browser (just for example). Once that part is complete, I would also like to apply AdamW's Desktop Test Cases to it in order to get a higher level outlook of making sure that portion of the Spin is of high quality as well.
Here is the current list of packages shipped with the Security Spin: https://fedorahosted.org/security-spin/wiki/availableApps
If anyone is familiar with any of these apps, it would be greatly appreciated if you could put together a short snippet or "how to" for basic use that can be used for a test case. Feel free to reply here to this thread and I can input them into the wiki, or post your results here: https://fedoraproject.org/wiki/SecuritySpin:QA_Brainstorm
Many thanks to all,
-AdamM
On 02/19/2010 02:07 AM, Adam Miller wrote:
> Hello all,
> This is mainly going out to those who are interested in the (hopefully) upcoming Security Spin. I want to establish some QA efforts so as to provide a high quality experience to security professionals and hobbyists alike who are interested in the project. I would like to first do a breakdown of test cases for all the security-centric packages involved in the Security Spin, as that is the "bread and butter" of the spin and they are generally "niche" applications which require some sort of expertise or a slightly higher learning curve than your average web browser (just for example). Once that part is complete, I would also like to apply AdamW's Desktop Test Cases to it in order to get a higher level outlook of making sure that portion of the Spin is of high quality as well.
> Here is the current list of packages shipped with the Security Spin: https://fedorahosted.org/security-spin/wiki/availableApps
> If anyone is familiar with any of these apps, it would be greatly appreciated if you could put together a short snippet or "how to" for basic use that can be used for a test case. Feel free to reply here to this thread and I can input them into the wiki, or post your results here: https://fedoraproject.org/wiki/SecuritySpin:QA_Brainstorm
I took a quick look at the available apps. Would you like to consider 'ratproxy', a very nice open source tool for web-application security assessment from Google? I've used it a couple of times earlier and got some really useful results.
http://code.google.com/p/ratproxy/
It could be added to the 'reconnaissance' category. (though it's a little more than just that)
Oh, and it's available in Fedora.
/kashyap
> Many thanks to all,
> -AdamM
On Thu, Feb 18, 2010 at 2:50 PM, Kashyap Chamarthy kashyapc@fedoraproject.org wrote:
> I took a quick look at the available apps. Would you like to consider 'ratproxy', a very nice open source tool for web-application security assessment from Google? I've used it a couple of times earlier and got some really useful results.
> http://code.google.com/p/ratproxy/
> It could be added to the 'reconnaissance' category. (though it's a little more than just that)
> Oh, and it's available in Fedora.
> /kashyap
Feel free to put in a ticket for it https://fedorahosted.org/security-spin/report/1 and I'm sure someone will get to it asap.
Many thanks for your suggestion!
-AdamM
On Thursday 18 February 2010 03:37:03 pm Adam Miller wrote:
> if anyone is familiar with any of these apps it would be greatly appreciated if you could put together a short snippet or "how to" for basic use that can be used for a test case. Feel free to reply here to this thread
The prelude components have a HOWTO here: http://people.redhat.com/sgrubb/audit/prelude.txt
aide testing should only require:
    aide --init
    mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
    <change some file>
    aide --check
    ausearch --start recent -m AUDIT_ANOM_RBAC_INTEGRITY_FAIL
-Steve
I added a section on nmap. If I did anything incorrectly please tell me, I will not be offended (as long as you are tactful) so that I do not repeat the mistake.
On Thu, Feb 18, 2010 at 3:20 PM, Steve Grubb sgrubb@redhat.com wrote:
> On Thursday 18 February 2010 03:37:03 pm Adam Miller wrote:
> > if anyone is familiar with any of these apps it would be greatly appreciated if you could put together a short snippet or "how to" for basic use that can be used for a test case. Feel free to reply here to this thread
> The prelude components have a HOWTO here: http://people.redhat.com/sgrubb/audit/prelude.txt
> aide testing should only require:
>     aide --init
>     mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
>     <change some file>
>     aide --check
>     ausearch --start recent -m AUDIT_ANOM_RBAC_INTEGRITY_FAIL
> -Steve
> test mailing list
> test@lists.fedoraproject.org
> To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
On Thu, Feb 18, 2010 at 7:18 PM, James Gledhill jagledy@gmail.com wrote:
> I added a section on nmap. If I did anything incorrectly please tell me, I will not be offended (as long as you are tactful) so that I do not repeat the mistake.
<snip>
That's actually perfect, I greatly appreciate you adding to this. I plan to carve off some time to contribute to the list myself but I wanted to be sure to let everyone know of the plan in case anyone was interested.
Thanks again!
-AdamM
Is this still needing more additions, because if it is I can probably add some more?
On Fri, Feb 19, 2010 at 1:39 AM, Adam Miller maxamillion@fedoraproject.org wrote:
> On Thu, Feb 18, 2010 at 7:18 PM, James Gledhill jagledy@gmail.com wrote:
> > I added a section on nmap. If I did anything incorrectly please tell me, I will not be offended (as long as you are tactful) so that I do not repeat the mistake.
> <snip>
> That's actually perfect, I greatly appreciate you adding to this. I plan to carve off some time to contribute to the list myself but I wanted to be sure to let everyone know of the plan in case anyone was interested.
> Thanks again!
> -AdamM
Yes, that would be greatly appreciated. There are many "pie in the sky" plans for automated testing based on these contributions but my free time has come up short as of late and I haven't been able to dedicate the appropriate amount of cycles to getting this done. Again though, anything you can add would be very greatly appreciated!
-AdamM (From Android)
On Mar 29, 2010 6:52 PM, "James Gledhill" jagledy@gmail.com wrote:
> Is this still needing more additions, because if it is I can probably add some more?