Xanda's Blog !~!

Hello Nokogiri

Mar
02

I’ve talked about scRUBYt! once and I’ve been using it for years as my primary ‘Google crawler’ aka Google web-scraper. So it is not a surprise if I say.. It was part of MyLipas Defacement Crawler as well 😉

If you are using scRUBYt! as your Google web-scraper as well, I would suggest you to take a look at your script, since it might be broken by now. Its not only the gem itself, event the domain of their website, scrubyt.org, is now expired. (but yes the project is till in github). I’ve noticed that my crawler reported zero URL (scraped from Google) everyday and it made me to think of 2 possibilities; the strings return zero match, OR the scraper is broken. And guess what, my second thought was right.

Yes.. Its another day in lab looking back at the crawler/scraper code. Now I don’t really depend on scRUBYt anymore due to lack of support/maintenance and broken gem dependencies. So here come the Nokogiri. With the XPaths support I manage to get working crawler as for the replacement.. in just few minutes. But of course the code will be a bit longer but NVM.. It works like a charm! 😀

Pen Testing the Web With Firefox

Feb
19

Nice write up by Michael “theprez98” Schearer



Get the PDF file HERE

Detects Adobe Flash flaws with SWFScan

Mar
24

HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.

HP is offering SWFScan because:

  • HP’s research shows that developers is increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
  • As a result, HP is seeing a proliferation of insecure applications being deployed on the web.
  • A vulnerable application built on the Flash platform widens your website’s attack surface creating more opportunity for malicious hackers.

How SWFScan works and what vulnerabilities it finds:

  • Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
  • Identifies and reports insecure programming and deployment practices and suggests solutions.
  • Enables you to audit third party applications without requiring access to the source code.

Dowload this free tool to help your team find Flash vulnerabilities in your web applications.