Comments for Web Admin Blog

Comment on A XSS Vulnerability in Almost Every PHP Form I’ve Ever Written by PHPMailer - serverseitiges validieren der Eingabedaten nötig? - Seite 2 - php.de

PHPMailer - serverseitiges validieren der Eingabedaten nötig? - Seite 2 - php.de — Mon, 06 Feb 2012 14:28:57 +0000

[...] Warum wird $_SERVER['PHP_SELF'] immer als Standard für das Affenformular angegeben? Unter http://www.webadminblog.com/index.ph…-ever-written/ wird $_SERVER['SCRIPT_NAME'] als Alternative vorgeschlagen. Für einen Anfänger nur Mit leerem [...]

Comment on An Evaluation of Rapid7 NeXpose by Josh

Josh — Wed, 18 Jan 2012 17:39:19 +0000

Adam,

I admit that the Qualys network maps are pretty sweet and being able to visualize how devices are laid out on your network is definitely valuable. So far I haven’t been able to find anything similar with Rapid7. That said, the out-of-the-box reporting available with NeXpose blows Qualys out of the water. I’d rather have the reports over the network maps, but that’s just me.

As for the exploit kits, did you know that NeXpose now integrates (if you can call it that) with Metasploit? Basically, your scan results will show a list of vulnerabilities and then tag any of them where a Metasploit module exists to exploit it. So while Qualys may be able to test the exploit for you, with Metasploit you can test/exploit it yourself. Not sure if that’s a good or a bad thing.

Don’t get me wrong. I don’t buy all of the Rapid7 hype either as I feel it’s mostly generated by them and not by customers, but I do think they have some decent products (NeXpose, Metasploit, w3af). At this point, this type of scanning has basically become a commodity where with a few small exceptions, the various vendors are about equal. Because of that, IMHO licensing models (ie. the flexibility to be able to do what you need to do) and price have become the major components of vulnerability scanning purchases these days.

Comment on An Evaluation of Rapid7 NeXpose by Adam

Adam — Tue, 17 Jan 2012 23:50:06 +0000

RAPID7 SALES ARE THE WORST AT TAKING HINTS!!!! That aside I am leaving towards Qualys for two reasons.

1) Awesome network mapping capabilities
2) They subscribe to exploit kits and actually run the exploit.(within safe parameters) Found to many false positives with Nessus and Nexpose that I did not have with Qualys. Theres a reason why major players like Google choose Qualys.

Comment on A XSS Vulnerability in Almost Every PHP Form I’ve Ever Written by meh

meh — Tue, 10 Jan 2012 21:14:57 +0000

or just simply use

Comment on Auditors Just Don’t Understand Security by David Marcoux

David Marcoux — Thu, 27 Oct 2011 19:29:19 +0000

7-zip with AES is free and simple (for Windows).

Comment on An Evaluation of Rapid7 NeXpose by Josh

Josh — Thu, 15 Sep 2011 18:57:15 +0000

Destro, yes, I ran Rapid7 through the ringer back then. They told me before the eval that “NeXpose does 100% of what Qualys does and more.” I was extremely skeptical and, after testing, it was clear that this was not the case. They did a decent job finding vulnerabilities, and there was certainly overlap, but it was nowhere near 100%. That was Rapid7 several years ago. The old sales guy is gone and the new one who took his place is actually a decent guy. I found myself re-evaluating scanners this year due to what I consider to be very strict licensing restrictions on Qualys and ended up deciding to switch over to Rapid7 NeXpose. They were able to give us a pretty decent deal and I’ve been fairly happy so far. I did have one issue with being told by sales that you “can do discovery on an unlimited number of IP addresses” from outside the firewall. It turns out that they have some restrictions set on their hosted scanner that limits this, but I found the Rapid7 support personnel and management very willing to work with me to find an adequate solution to the problem. So I guess you can call me a Rapid7 convert for the time being. Let me know if you want to discuss in more detail and I’ll help you out.

Comment on An Evaluation of Rapid7 NeXpose by Destro

Destro — Thu, 15 Sep 2011 16:52:15 +0000

So….did anybody here really go into the intricacies of the RAPID7 solution? Having used open-source Wapiti and w3af, I was interested in their sponsorship of the wsaf project as well. Sure, the sales team is a bunch of fucking douchebags, I’ve heard this seven ways to Sunday since 2007….but what about the technology itself?

Comment on Splunk Best Practices by Josh

Josh — Fri, 12 Aug 2011 17:01:46 +0000

Garret, I’m not sure what to tell you. I wrote the app for an older version of Splunk and that dashboard module worked just fine. It’s possible that Splunk changed this in a newer version and it no longer works, but I’ve tested it on our version 4.2.2, build 101277 server and it seems to be working without issue. Have you tried talking to Splunk support?

Comment on Splunk Best Practices by Garrett Hildebrand

Garrett Hildebrand — Mon, 08 Aug 2011 22:51:08 +0000

I downloaded and installed your Splunk Monitoring application. When I bring-up the app under the apps menu from within splunk I see the following error:

“This view has a Splunk.Module.HiddenSearch module but it is configured with no child modules to push its changes to. This represents a configuration error.”

There is someone who posted on splunk answers the same error, and someone wrote back and said to comment-out line 24 and to add line 78. But that totally does not work and causes yet another error (I saw this at http://splunk-base.staging.splunk.com/answers/5672/error-on-dashboard-splunk-agent-monitoring-app ).

I have the monitoring script working okay, so it is the $SPLUNK_HOME/etc/apps/splunk_monitoring/default/data/ui/views/dashboard.xml that is apparently the problem. Suggestions?

Comment on Amazon EC2 EBS Instances and Ephemeral Storage by Chris Fordham

Chris Fordham — Sun, 07 Aug 2011 06:53:44 +0000

@RiskEraser
You can use an AMI which has a built-in swap partition or simply use a swap file on the root filesystem/partition.