Nmap Development mailing list archives
Re: GSOC 2012 Web scanning specialist
From: David Fifield <david () bamsoftware com>
Date: Thu, 29 Mar 2012 10:26:50 -0700
On Mon, Mar 26, 2012 at 02:38:23PM +0530, Chetan Hosmani wrote:
> I am Chetan Hosmani. I am doing my majors in Electronics at Birla Institute of Technology and Science, Pilani. I am in my last year and have plenty of time. I have always been very interested in security-related fields and now am intrigued by Nmap's Lua scripting engine. Although I had never used Nmap before (I have experimented a lot on packets using Wireshark and AirPcap though) I feel I can enjoy working at Nmap, and gain and contribute to the community.
>
> The project on Web scanning specialist is very interesting. I feel I have the relevant experience in this area. I have worked on several HTML JavaScript based websites (links to which I will add in the application). Presently I am working on my academic project in a private firm that deals with HTTP header injection, SQL Injection, XSS-based security threats. The technology involved however is J2EE (GWT as well as JSP). I have a good idea of the server-side vulnerabilities that exist and how they are secured. Apart from this I have worked on PHP-based sites (again the exact details I prefer to add in the application).
>
> For the GSoC project I have been going through the HTTP-based scanning scripts and am getting the hang of Lua. So I would be really grateful if you could throw some pointers or ideas on what I could do. Any specific tasks (apart from building Nmap, Zenmap, etc.) that would help me judge my own application would also be very useful.
Hello Chetan. It's nice to hear from you. Based on your experience, what are the areas in which Nmap's web script coverage is most lacking? You can get an idea of the types of scripts we have by going to http://nmap.org/nsedoc/ and browsing the ones that start with "http-". What vulnerabilities have you worked on that could be tested in NSE scripts?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/