On Thu, Feb 18, 2010 at 2:50 PM, Kashyap Chamarthy kashyapc@fedoraproject.org wrote:
On 02/19/2010 02:07 AM, Adam Miller wrote:
Hello all,

This is mainly going out to those who are interested in the (hopefully) upcoming Security Spin. I want to establish some QA efforts so as to provide a high quality experience to security professionals and hobbyists alike who are interested in the project. I would like to first do a breakdown of test cases for all the security-centric packages involved in the security spin, as that is the "bread and butter" of the spin and they are generally "niche" applications which require some sort of expertise or a slightly higher learning curve than your average web browser (just for example). Once that part is complete, I would also like to apply AdamW's Desktop Test Cases to it in order to get a higher level outlook of making sure that portion of the Spin is of high quality as well.

Here is the current list of packages shipped with the Security Spin: https://fedorahosted.org/security-spin/wiki/availableApps

If anyone is familiar with any of these apps, it would be greatly appreciated if you could put together a short snippet or "how to" for basic use that can be used for a test case. Feel free to reply here to this thread and I can input them into the wiki, or post your results here: https://fedoraproject.org/wiki/SecuritySpin:QA_Brainstorm
I took a quick look at the available apps. Would you like to consider 'ratproxy' - a very nice open source tool for web-application security assessment from Google? I've used it a couple of times earlier and got some really useful results.
http://code.google.com/p/ratproxy/
It could be added to the 'reconnaissance' category. (though it's a little more than just that)
Oh, and it's available in Fedora.
/kashyap
Many thanks to all,
-AdamM
Feel free to put in a ticket for it at https://fedorahosted.org/security-spin/report/1 and I'm sure someone will get to it ASAP.
Many thanks for your suggestion!
-AdamM