Security Basics mailing list archives

Re: OSSIM Feedback


From: Fabrizio De Carlo Tiscali <fabrizio.decarlo () tiscali it>
Date: Thu, 24 Jun 2010 14:46:10 +0200

Hi list,

do you have any updated experiences on OSSIM installation and use?
I know that the message is very old, but I would like to know your
recent experience with OSSIM. Have you tried the Professional
Edition?

Thank you
Fabrizio




2006/6/15 Stefano Zanero <zanero () elet polimi it>:
Dominique Karg wrote:

It's not my duty to enter into discussion if ossim is easy to use or not

It is easy to use - not so much to install ;)

I must say that I have to deny this and ask Stefano sincerely for proof
of this.

Let me say that your denial on public record here on this list is more
than enough - I believe you on your word.

However...

This is why parts of it may be not well documented, not clearly
structured and so on. But obfuscating / complicating code on purpose?
No way.

Well, last time I looked (it was September last year) the OSSIM server
code was completely undocumented - not just in nice, user friendly docs,
but not EVEN IN THE CODE.

We had to reconstruct the communication between client and server by
reverse engineering the code and sniffing the communications, which is,
let me say this gently, UNCOMMON for an open source project aiming at
integration. Don't you think so?

Anyway, if you have had trouble understanding the code and needed help,
we've got a small but fine user base who would've been glad to help

We tried, at that time, on both #ossim and on project mailing lists...

The answers we had were 1) in French and 2) private, so I won't quote
them here... but I can quote a brief sentence of one of your "user base"
members:
"This lack of comments is intended to prevent other people from reusing
and modifying the source code!! An OSSIM developer said: "if hell was
coded, it would have been done like our server""

This mail, and others of the kind, were partially confirmed by devels on
the channel. If your policy has changed, or if this was just a huge
misunderstanding, I'll be glad to see some devel docs as soon as you can
fix them together. Even as drafts, we will be glad to help you put the
knowledge base together.

Best,
Stefano Zanero
