Google gives away a free web application security scanner

Google announced the release of ratproxy, a passive web application security assessment tool that they’ve been using internally at Google. This utility, developed by their information security engineering team, is designed to transparently analyse legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.

The proxy flags problems such as cross-site script inclusion threats, insufficient cross-site request forgery defences, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes, information leakage scenarios, and much more.

Find out more
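To make the idea of a passive assessment concrete, the following added example (not ratproxy's code, and not its actual rule set) runs a handful of illustrative heuristics over captured request/response pairs without ever sending a probe of its own. The `Transaction` record, the constructed sample traffic, the `app.example.test` host and the specific thresholds are all assumptions made for this example; the four checks mirror the categories listed above: cross-site script inclusion, caching of sensitive responses, missing anti-CSRF tokens and reflected parameters as cross-site scripting candidates.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class Transaction:
    """One captured HTTP exchange (constructed shape, not ratproxy's log format)."""
    method: str
    url: str
    req_headers: dict
    req_body: str
    status: int
    resp_headers: dict
    resp_body: str


# Common anti-XSSI prefixes that make a script-like response unparseable as JS.
XSSI_PREFIXES = (")]}'", "while(1);", "for(;;);")
# Parameter names that look like an anti-CSRF token (heuristic, assumption).
TOKEN_PARAM = re.compile(r"(token|csrf|xsrf|nonce)", re.IGNORECASE)


def _header(headers, name):
    """Case-insensitive header lookup; empty string when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def _params(tx):
    """Query-string parameters plus form-encoded POST parameters."""
    params = parse_qs(urlsplit(tx.url).query)
    if tx.method == "POST" and "application/x-www-form-urlencoded" in _header(
        tx.req_headers, "Content-Type"
    ):
        params.update(parse_qs(tx.req_body))
    return params


def analyse(tx):
    """Return (priority, description, url) findings for one transaction."""
    findings = []
    authed = bool(_header(tx.req_headers, "Cookie"))
    ctype = _header(tx.resp_headers, "Content-Type").lower()
    cache = _header(tx.resp_headers, "Cache-Control").lower()
    params = _params(tx)

    # 1. Cross-site script inclusion: script-like data fetched with GET inside
    #    an authenticated session and not guarded by an anti-XSSI prefix.
    if tx.method == "GET" and authed and ("json" in ctype or "javascript" in ctype):
        if not tx.resp_body.lstrip().startswith(XSSI_PREFIXES):
            findings.append(("HIGH", "cross-site script inclusion candidate", tx.url))

    # 2. Caching: a response tied to a session (cookie sent or set) that is
    #    neither no-store nor private may be kept by shared caches.
    if (authed or _header(tx.resp_headers, "Set-Cookie")) and not (
        "no-store" in cache or "private" in cache
    ):
        findings.append(("MEDIUM", "session-bound response is cacheable", tx.url))

    # 3. CSRF: a state-changing request in a session with no token-like parameter.
    if tx.method == "POST" and authed and not any(TOKEN_PARAM.search(n) for n in params):
        findings.append(("MEDIUM", "no anti-CSRF token observed", tx.url))

    # 4. XSS candidate: a request value echoed verbatim into an HTML response.
    if "text/html" in ctype:
        for name, values in params.items():
            for value in values:
                if len(value) >= 8 and value in tx.resp_body:
                    findings.append(("LOW", f"parameter '{name}' reflected in response", tx.url))
    return findings


def scan(transactions):
    """Flatten findings over a whole capture."""
    return [f for tx in transactions for f in analyse(tx)]


# Constructed sample traffic; a real run would read these from the proxy log.
SAMPLES = [
    Transaction("GET", "https://app.example.test/api/contacts",
                {"Cookie": "session=abc"}, "", 200,
                {"Content-Type": "application/json", "Cache-Control": "no-store"},
                '[{"name":"A. User","email":"a@example.test"}]'),
    Transaction("POST", "https://app.example.test/profile",
                {"Cookie": "session=abc",
                 "Content-Type": "application/x-www-form-urlencoded"},
                "display_name=Alice", 302,
                {"Cache-Control": "private", "Location": "/profile"}, ""),
    Transaction("GET", "https://app.example.test/search?q=needle-text",
                {}, "", 200,
                {"Content-Type": "text/html", "Cache-Control": "public"},
                "<h1>Results for needle-text</h1>"),
]

if __name__ == "__main__":
    for priority, desc, url in scan(SAMPLES):
        print(f"[{priority}] {desc}: {url}")
```

Because every check only reads traffic that a browser already generated, the analysis adds no load and no unexpected requests to the application under test; the price is that it can only see what the tester actually exercised, which is why the output is labelled "candidate" rather than "confirmed".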

Is this the future of Web application development?

Drag and drop widgets to build Web applications, in minutes, with minimal code.

WaveMaker Visual Ajax Studio is an easy-to-use visual builder that enables the drag & drop assembly of scalable web applications using Ajax widgets, web services and databases. WaveMaker Studio will look and feel especially familiar to client/server developers who are used to working with visual tools. It enables data-driven and web-services based applications to be created quickly without complex code, forms, patterns or portal frameworks.

Features

  • Drag & Drop Assembly
  • LiveLayout
  • Push to Deploy: One-touch application deployment
  • Visual Data Binding
  • SOAP, REST and RSS web services
  • Leverage existing CSS, HTML and Java
  • Deploys a standard Java .war file
  • It’s free!

See it in Action

Web Applications: Spaghetti Code for the 21st Century

The software industry is currently in the middle of a paradigm shift. Applications are increasingly written for the Web rather than for any specific type of operating system, computer or device. Unfortunately, the technologies used for Web application development today violate well-known software engineering principles. Furthermore, they have reintroduced problems that had already been eliminated years ago in the aftermath of the “spaghetti code wars” of the 1970s.

In this paper, Tommi Mikkonen and Antero Taivalsaari investigate Web application development from the viewpoint of established software engineering principles. They argue that current Web technologies are inadequate in supporting many of these principles. However, they also argue that there is no fundamental reason for Web applications to be any worse than conventional applications in any of these areas. Rather, the current inadequacies are just an accidental consequence of the poor conceptual and technological foundation of today's Web development technologies.

Web Applications – Spaghetti Code for the 21st Century (PDF)

Search your code for vulnerabilities

I’m a big fan of PHP_CodeSniffer and I think it’s a great development tool: it ensures that you write code that is easy to read and maintain. But what about making sure that the code you write is secure and doesn’t have any vulnerabilities?

Right, there’s another tool for that…

PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnerabilities. A MySQL database stores the patterns to search for as well as the results of each search. The tool can scan any directory on the file system.

Check out the Website
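The following is an added example of the same pattern-based approach, written for this post rather than taken from PHP Security Scanner itself: a pattern table and a findings table live in a database, and every `.php` file under a directory is matched line by line against the stored patterns. It is written in Python and uses an in-memory sqlite3 database as a stand-in for the MySQL store the tool uses; the pattern list, the `SAMPLE_PHP` file and the table layout are all constructed for this example.

```python
import os
import re
import sqlite3
import tempfile

# Constructed pattern list: (description, regex). A real tool would keep these
# in its database and let users add their own; these are just common sinks.
PATTERNS = [
    ("eval() of dynamic code", r"\beval\s*\("),
    ("command execution function", r"\b(system|exec|shell_exec|passthru|popen)\s*\("),
    ("request input concatenated into SQL query",
     r"mysql_query\s*\([^;]*\$_(GET|POST|REQUEST|COOKIE)\b"),
    ("file inclusion from request input",
     r"\b(include|require)(_once)?\b[^;]*\$_(GET|POST|REQUEST)\b"),
    ("request input echoed without escaping", r"\becho\s+\$_(GET|POST|REQUEST|COOKIE)\b"),
]


def open_db():
    """Create the patterns and findings tables (sqlite3 stands in for MySQL here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patterns (id INTEGER PRIMARY KEY, description TEXT, regex TEXT)")
    db.execute("CREATE TABLE findings (file TEXT, line INTEGER, description TEXT, code TEXT)")
    db.executemany("INSERT INTO patterns (description, regex) VALUES (?, ?)", PATTERNS)
    db.commit()
    return db


def load_patterns(db):
    """Compile the stored regexes once per scan."""
    return [(desc, re.compile(rx)) for desc, rx in db.execute("SELECT description, regex FROM patterns")]


def scan_source(filename, source, patterns):
    """Return (file, line_no, description, code) for every pattern hit in one file."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for desc, rx in patterns:
            if rx.search(line):
                hits.append((filename, line_no, desc, line.strip()))
    return hits


def scan_directory(root, db):
    """Walk a directory tree, scan PHP files and store the hits; return the hit count."""
    patterns = load_patterns(db)
    total = 0
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith((".php", ".inc")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_source(path, fh.read(), patterns)
                db.executemany("INSERT INTO findings VALUES (?, ?, ?, ?)", hits)
                total += len(hits)
    db.commit()
    return total


# Constructed PHP snippet. Line 5 is deliberately safe: a plain regex scanner
# cannot follow $id back to $_GET, so it reports only the direct uses.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id = " . $_GET['id']);
echo $_GET['name'];
$safe = mysql_query("SELECT * FROM users WHERE id = " . intval($id));
eval($code);
"""


def demo():
    """Write the sample into a temp dir, scan it and return (count, [(line, description)])."""
    db = open_db()
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "page.php"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PHP)
        count = scan_directory(tmp, db)
    rows = db.execute("SELECT line, description FROM findings ORDER BY line").fetchall()
    return count, rows


if __name__ == "__main__":
    count, rows = demo()
    print(f"{count} finding(s)")
    for line_no, desc in rows:
        print(f"  line {line_no}: {desc}")
```

The comment on line 5 of the sample is the practical caveat with this class of tool: pattern matching finds direct, textual uses of dangerous functions and superglobals, but it does not track data flow, so input that is copied into a variable first passes unnoticed. That makes the output a prioritised review list rather than a verdict, which is exactly how a scanner of this kind should be used.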

Web Application Security Scanner

Web security is possibly today’s most overlooked aspect of securing the enterprise and should be a priority in any organization.

Recent research shows that 75% of internet attacks are carried out at the web application level.

Web application security scanners ensure website security by automatically checking for SQL injection, cross-site scripting and other vulnerabilities.

There are a few good security scanners that you can use to test the security of your site, and Scavenger is one of them.

Tell me more about Scavenger…

Scavenger is an open source real-time vulnerability management tool. It helps you respond to vulnerability findings, track them, review vulnerabilities already answered as accepted or false-positive, and it does not ‘nag’ you with old vulnerabilities.

Scavenger parses the results from a Nessus scan and stores them in a MySQL database. From that point, a user can log in to a web interface and answer a vulnerability as ‘addressed’, ‘accept’, or ‘false-positive’. If an administrator answers accept or false-positive, Scavenger will not insert that vulnerability again when it shows up in a later scan. However, if a user marks a vulnerability as ‘addressed’ and it comes up again in a scan, Scavenger will insert a new vulnerability into the database.

Visit the Website
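The triage rules described above are the interesting part of a tool like this, so here they are as an added example that is not Scavenger's own code. It is written in Python with an in-memory sqlite3 database standing in for MySQL; the pipe-delimited `host|port|plugin_id|name` records, the plugin ids and the two sample scans are constructed stand-ins for parsed Nessus output. One rule the post does not spell out is what to do when an open, still unanswered finding reappears; the example assumes it is the same finding and leaves it alone rather than duplicating it.

```python
import sqlite3

ADDRESSED, ACCEPT, FALSE_POSITIVE = "addressed", "accept", "false-positive"
VERDICTS = (ADDRESSED, ACCEPT, FALSE_POSITIVE)


def open_db():
    """One row per reported finding; answer is NULL until a user answers it."""
    db = sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE vulns (
               id INTEGER PRIMARY KEY, host TEXT, port INTEGER, plugin_id INTEGER,
               name TEXT, first_seen TEXT, answer TEXT)"""
    )
    db.commit()
    return db


def parse_results(text):
    """Parse constructed 'host|port|plugin_id|name' lines (a simplified stand-in
    for parsed Nessus output). Blank lines and '#' comments are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, plugin_id, name = line.split("|", 3)
        rows.append((host, int(port), int(plugin_id), name))
    return rows


def import_scan(db, rows, scan_date):
    """Apply the triage rules to a new scan; return how many rows were inserted."""
    inserted = 0
    for host, port, plugin_id, name in rows:
        latest = db.execute(
            "SELECT answer FROM vulns WHERE host=? AND port=? AND plugin_id=? "
            "ORDER BY id DESC LIMIT 1",
            (host, port, plugin_id),
        ).fetchone()
        if latest is not None:
            answer = latest[0]
            if answer in (ACCEPT, FALSE_POSITIVE):
                continue  # risk accepted or false positive: never re-insert
            if answer is None:
                continue  # still open and unanswered: same finding (assumption)
            # answer == ADDRESSED: it was supposedly fixed but came back, so
            # record it as a fresh finding that needs a fresh answer
        db.execute(
            "INSERT INTO vulns (host, port, plugin_id, name, first_seen, answer) "
            "VALUES (?, ?, ?, ?, ?, NULL)",
            (host, port, plugin_id, name, scan_date),
        )
        inserted += 1
    db.commit()
    return inserted


def answer(db, vuln_id, verdict):
    """Record a user's verdict for one finding."""
    if verdict not in VERDICTS:
        raise ValueError(f"unknown verdict: {verdict}")
    db.execute("UPDATE vulns SET answer=? WHERE id=?", (verdict, vuln_id))
    db.commit()


def open_findings(db):
    """Everything that still needs an answer, i.e. what the web UI would show."""
    return db.execute(
        "SELECT id, host, port, plugin_id, name FROM vulns WHERE answer IS NULL ORDER BY id"
    ).fetchall()


# Constructed scan output; the same three findings appear in both scans.
SCAN = """# host|port|plugin_id|name
10.0.0.5|22|1001|SSH protocol version 1 enabled
10.0.0.5|80|1002|Directory listing enabled
10.0.0.9|443|1003|SSL certificate expired
"""


def demo():
    """Return (first import count, re-import count, second re-import count, open list)."""
    db = open_db()
    first = import_scan(db, parse_results(SCAN), "2008-07-01")
    answer(db, 1, ADDRESSED)       # claimed fixed
    answer(db, 2, ACCEPT)          # risk accepted
    answer(db, 3, FALSE_POSITIVE)  # not real
    second = import_scan(db, parse_results(SCAN), "2008-07-08")
    third = import_scan(db, parse_results(SCAN), "2008-07-15")
    return first, second, third, open_findings(db)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the behaviour the post describes: three findings go in on the first scan, only the one that was marked addressed is re-inserted when everything reappears, and nothing is added on the third pass because that re-opened finding is still waiting for an answer.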

Magento 1.0 Released! Open Source eCommerce Evolved


Varien, one of the most important eCommerce development and consulting firms in the world, has taken eCommerce to a completely different level with the latest release of Magento 1.0: an amazing, flexible, modular and scalable open-source eCommerce solution, powered by one of the most popular frameworks on the web today, the Zend Framework.

Congratulations to Varien and the development team! This application will definitely change the way we do business online.

Watch the video: Magento 1.0

Rapid Software Development and Collaboration


Get free workspaces with unlimited team size and integrated tools like wiki, discussion, alerts, chat, Subversion and Trac.

Team

The Team page gives you an easy way to invite new team members and manage permissions for existing users. Spaces can be public, or private and visible only to team members. Team permissions are integrated with Trac, Subversion, and other tools.

Trac / SVN

Manage your releases with Trac, the popular open source ticketing system. Link it to your code in Subversion, the industry standard SCM system, or Mercurial, the distributed alternative. Use Trac to browse your changesets.

Tickets

The Tickets tool integrates tickets for features, bugs, and tasks into an Assembla space. It is a more integrated alternative to the external Trac ticket list.

Scrum

Collects a daily report in the stand-up meeting format: “What I did”, “What I will do”, and “Roadblocks / What I need”.

Visit Assembla.com

Issue Tracker extension for MediaWiki


MediaWiki is definitely one of the most widely used and best known wikis out there; it powers Wikipedia.com, but I’m sure you already knew that. I’ve been using it at work to record and document all our internal systems and projects. It’s a great tool: it allows developers and project managers to collaborate, provide and share information in a very simple and organized way.

In the last couple of months, I’ve been developing some extensions for MediaWiki; the latest one is called Issue Tracker. Watch the following screencast to learn more about this extension:

Screencast