.
Full Version: Vote For Which Project You Want!
Well at jut over 9.5% i don't quite see it winning but do what you feel you want to do .
.
i am confused between two of these
1. Security Scanner
2. Vulnerabilities Source Code Analyser
umm... can be either of these
1. Security Scanner
2. Vulnerabilities Source Code Analyser
umm... can be either of these
What would you like the team to create? Let's have your input here. Poll will end next friday.
Thank you for your time.
Shaun.
Thank you for your time.
Shaun.
i choose other...maybe it's immpossible but would be nice for a GUI compiler for c and/or others...
many of ppl here getting problems compiling stuff
many of ppl here getting problems compiling stuff
well this is my sort of interest..so i voted
Vulnerabilities Source Code Analyser
Vulnerabilities Source Code Analyser
I voted for Vulnerabilities Source Code Analyser too.
Would be useful for me at any rate... more than the others.
Would be useful for me at any rate... more than the others.
lol, re-inventing the wheel... 
i reall y like the idea of the Source Code Analyser but i think its a little over my coding skills and i would not know where to start but i'll help any way i can
I would have voted Vulnerabilities Source Code (without Analayzer 
), Didnt you say shaun you'd try and see whats the demand for xploits ?
I'm pretty confident this is the only thing myself (and many others) will have use of, but not only for whooping boxes, yet also helping others understand how exploits work and how to write them. I'm sure not few coders could use such examples, and ask questions directly.
But eventually, since you are complaining that most of the masses will use it for defacing boxes, I can just say that most of whats talked about in governmentsecurity forums is defacement of sites, tools for defacement, autorooters, new exploits and so on. not to mention - giving a public stage for defacing experiences, and compiled working exploit codes. So you're not quite "off the responsibility" on this one. You do help the kids deface, whether you like it or not. I, however, personally don't have any objection to this act, since those companies who make the programs, Micro$oft at particular, will never do enough to improve their products' security otherwise. they just won't learn, and customers who get hit might try alternatives, which will also affect those companies who release buggy products, to improve. and fact is, as much as i believe in the microsoft-u.s. government infamous conspiracy, they have got security standards much higher then how it was few years ago (yet still not good enough).
just my 2cents...
), Didnt you say shaun you'd try and see whats the demand for xploits ?I'm pretty confident this is the only thing myself (and many others) will have use of, but not only for whooping boxes, yet also helping others understand how exploits work and how to write them. I'm sure not few coders could use such examples, and ask questions directly.
But eventually, since you are complaining that most of the masses will use it for defacing boxes, I can just say that most of whats talked about in governmentsecurity forums is defacement of sites, tools for defacement, autorooters, new exploits and so on. not to mention - giving a public stage for defacing experiences, and compiled working exploit codes. So you're not quite "off the responsibility" on this one. You do help the kids deface, whether you like it or not. I, however, personally don't have any objection to this act, since those companies who make the programs, Micro$oft at particular, will never do enough to improve their products' security otherwise. they just won't learn, and customers who get hit might try alternatives, which will also affect those companies who release buggy products, to improve. and fact is, as much as i believe in the microsoft-u.s. government infamous conspiracy, they have got security standards much higher then how it was few years ago (yet still not good enough).
just my 2cents...
those are 2 pretty pennies...
i'm with tte
i'm with tte
I vote for the "Security Scanner", but the "Vulnerabilities Source Code Analyser " is intressting too
Yeap, sorry, you're right, exploit code does help people to learn. I'm sorry.
www.securityfocus.com
www.packetstormsecurity.org
Enjoy.
But on a serious note, I will edit the poll and add "exploits", and if exploit codes win, we'll write exploits for newly discovered vulnerabilities. If that's what you want, it's what you'll get. Don't come whinging to us when you realise that exploits really aren't so exciting...
Heh, I would quite like to write a firewall. Maybe we could do multiple stuff...
Thank you for your time.
Shaun.
www.securityfocus.com
www.packetstormsecurity.org
Enjoy.
But on a serious note, I will edit the poll and add "exploits", and if exploit codes win, we'll write exploits for newly discovered vulnerabilities. If that's what you want, it's what you'll get. Don't come whinging to us when you realise that exploits really aren't so exciting...
Heh, I would quite like to write a firewall. Maybe we could do multiple stuff...
Thank you for your time.
Shaun.
i think that a code analyser would be the best...
that's what we don't have...
i don't understand what it will be able to do but i think it will be great...
also, for guys that post a scanner or are going to post for scanner request, i must tell them to think about this again...
cause scanners are everywhere out...
they can google for them...
that's what we don't have...
i don't understand what it will be able to do but i think it will be great...
also, for guys that post a scanner or are going to post for scanner request, i must tell them to think about this again...
cause scanners are everywhere out...
they can google for them...
Well I'm in for the Firewall. Maybe u guys can think of something different .... I"ll try to thin kover it and do some research ....
P.S: I'm a white hatter
P.S: I'm a white hatter
Looks like source code analyser is winning so far. Keep those votes coming, whoever hasn't voted yet.
By the way, I haven't voted, I submitted a null vote to keep it as fair as possible.
-Shaun.
By the way, I haven't voted, I submitted a null vote to keep it as fair as possible.
-Shaun.
i want to join GSO team ..... msg me
Uhmmmm... didnt vote yet, but i´d like to see something like this http://www.thc.org/thc-rut/
Coz there are a lot more Firewalls and all the other stuff u suggested out there than smth like that (yes i know of P0f)
Coz there are a lot more Firewalls and all the other stuff u suggested out there than smth like that (yes i know of P0f)
yeap i agree, exploit code does help people to learn. Let's work on the analyzer
I'd also like to remind people of the zero tolerance to DDoS bots and virii on this forum. While it may be suggested we'd have to work something out in the middle ground.
Oh, sorry, would you like me to remove the option?
-Shaun.
-Shaun.
| QUOTE |
i am confused between two of these 1. Security Scanner 2. Vulnerabilities Source Code Analyser umm... can be either of these |
A security scanner is a scanner like Nessus.
A Source Code Analyser is a program which checks a piece of code for sloppy or vulnerable code.
-Shaun.
I have not decided yet.
But I think, It would be so helpfull if every one that would work here have a good view of those things. For example Source Code Analyser,
There are some same projects started before, e.g. Flawfinder RATS ITS4 PScan.
But I think, It would be so helpfull if every one that would work here have a good view of those things. For example Source Code Analyser,
There are some same projects started before, e.g. Flawfinder RATS ITS4 PScan.
| QUOTE |
| for example Flawfinder (Just take a look at freshmeat.net db): Flawfinder - Default branch by David A. Wheeler - Monday, May 21st 2001 12:57 PDT Section: Software About: Flawfinder searches through source code looking for potential security flaws. It will provide a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Flawfinder ignores text inside comments and strings. Author: David A. Wheeler Rating: 8.20/10.00 (3 votes) Homepage: http://www.dwheeler.com/flawfinder/ |
A good article to take a view: http://www.linuxjournal.com//article.php?sid=5673
Somebody told me, I can't remember, that u are looking for someguys w/ C/C++ experince. If u have a little experience w/ C And Python or PHP or Perl or Java, u are agree w/ me that developping such a text processing is so much painfull in C, but in Python PHP Ruby Java or Perl is fun.
Take a look alittle deeper on what u want to develop can help so much not get bored of the subject and discontinue it, after u started one of these project.
Poll ended.
The winner is: Vulnerabilities source code analyser, with 23 votes. Vulnerabilities source code analyser came close after with 21 votes. If we for some reason don't create a source code analyser, we'll write some exploits for newly discovered vulnerabilities.
Does anybody have anything to add? Objections? Ideas?
-Shaun.
The winner is: Vulnerabilities source code analyser, with 23 votes. Vulnerabilities source code analyser came close after with 21 votes. If we for some reason don't create a source code analyser, we'll write some exploits for newly discovered vulnerabilities.
Does anybody have anything to add? Objections? Ideas?
-Shaun.
All i have to say is ...
"Gogogogogogogogogogogo."
Lets get this thing organised.
"Gogogogogogogogogogogo."
Lets get this thing organised.
best of luck to all involved
as OneNight said. 
| QUOTE (shaun2k2 @ Nov 8 2003, 08:49 AM) |
| Poll ended. The winner is: Vulnerabilities source code analyser, with 23 votes. Vulnerabilities source code analyser came close after with 21 votes. If we for some reason don't create a source code analyser, we'll write some exploits for newly discovered vulnerabilities. Does anybody have anything to add? Objections? Ideas? -Shaun. |
Vulnerabilities source code analyser, with 23 votes. Vulnerabilities source code analyser came close after with 21 votes.
Same thing am I wrong?
Personally I think a redudant idea..i'd such suggest rather than just checking for unsecure functions like strcpy, etc. have it create a virtual env like vmware and then test it in there w/ a binary that way administrators can use it for malware.
Regards,
archphase
Letme know when it's done....
need a new toy.
Wkd.
Enjoy your day.
need a new toy.
Wkd.
Enjoy your day.
| QUOTE (OneNight @ Oct 21 2003, 08:25 PM) |
| I voted for Vulnerabilities Source Code Analyser too. Would be useful for me at any rate... more than the others. |
me too
maybe it is very useful
I voted vulnerabilities Source Code Analyser
cheers
cheers
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
