August 6, 2004

Somewhere

Everything's got to start somewhere. So I'm starting a BLOG.

Posted by benjamin at 10:40 PM

August 11, 2004

OpenSSL Certs

I pulled out some parts of others' scripts to make self-signed SSL Certs for apache in OpenBSD.

#!/bin/sh
svrname="test.server"
destdir="/var/www/conf/$svrname"
prv="private"
dname="server"

sk="$destdir/$prv/$dname.key"
csr="$destdir/$prv/$dname.csr"
crt="$destdir/$dname.crt"


echo $sk
echo $csr
echo $crt

exit

/usr/sbin/openssl genrsa -out $sk 1024
/usr/sbin/openssl req -new -key $sk -out $csr
/usr/sbin/openssl x509 -req -days 365 -in $csr \
        -signkey $sk -out $crt
Posted by benjamin at 12:07 PM

January 14, 2009

Web App Analysis Tools

Free tools
parosproxy.org
openvas.org
grendel-scan.com/blog
seleniumhq.org
http://www.cirt.net/nikto2
http://www.nstalker.com/
http://code.google.com/p/ratproxy/

Top 10 Web Vulnerability Scanners from InSecure.org (the nmap guys) in 2006 YMMV
http://sectools.org/web-scanners.html

Commercial tools
IBM App Scan (Formerly Watchfire)
HP WebInspect
Hail Storm

Documentation
owasp.org
webappsec.org


http://codefromthe70s.org/sslblacklist.aspx Firefox plug-in

Posted by benjamin at 9:11 AM