Nmap Development mailing list archives
Re: GSoC: Hosted Scanner
From: Mike Smith <scgtrp () gmail com>
Date: Mon, 29 Mar 2010 02:04:53 -0400
(Was this supposed to go to the mailing list? Replying there anyway.) On Mon, Mar 29, 2010 at 1:14 AM, Michael Pattrick <mpattrick () rhinovirus org> wrote:
Hello Mike, The hosted scanner is a neat project, here are a few tips for your application: - Python is probably better, as the Nmap family of projects already has several dependencies on Python, and adding different dependencies is no fun.
Well, that works out nicely. I like Python more anyway :)
- The hosted scan page already has a lot of the details worked out in abstract, but you should still communicate how you will meet the important requirements. Ie, do you have any techniques for sanitizing input.
"Follow best-practices for CGI security, such as limiting field values to known-trusted patterns rather than trying to remove "bad" characters." Not sure I can say it any better than that, for example no valid port range would ever contain anything but numbers and dashes.
- While a lot of the details have already been flushed out, there is still room for creativity. Be sure to include any unique ideas you have for the project.
Nothing interesting currently, but I'll be sure to include anything I think of. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- GSoC: Hosted Scanner Mike Smith (Mar 28)
- Message not available
- Re: GSoC: Hosted Scanner Mike Smith (Mar 28)
- Message not available
- Re: GSoC: Hosted Scanner David Fifield (Mar 29)
- Re: GSoC: Hosted Scanner Mike Smith (Mar 29)
- Re: GSoC: Hosted Scanner Michael Pattrick (Mar 29)
- Re: GSoC: Hosted Scanner Fyodor (Mar 30)
- Re: GSoC: Hosted Scanner Mike Smith (Mar 30)
- Re: GSoC: Hosted Scanner Mike Smith (Mar 29)