[Owasp-austin] OT? web application frameworks

travis+ml-owasp at subspacefield.org travis+ml-owasp at subspacefield.org
Wed Aug 12 16:46:11 EDT 2009


Just a status update.

I decided to just get started.  I knew python and wasn't feeling like
I could come up to speed with advanced Ruby & RoR as quickly.  So I
located this book:

http://pylonsbook.com/

Starting from scratch, I had your basic "Hello World" in under 30
minutes.  I found it to be so much fun that I had to force myself to
go to sleep at 2am.

Developing in this framework was so easy that if I find something
better, re-writing my initial design will be even easier.

For those who are interested in Ruby, there's a conference coming up
near the end of the month:

http://lonestarrubyconf.com/

For those who deal with PHP, I wanted to send a friendly warning:

There's a system cracker group or person called ZFO...  which has hit
and cruelly humiliated a number of whitehats recently.

Based on my read of their latest screed, it appears to me that they're
using PHP LFI vulnerabilities to get initial access to the system.
That doesn't surprise me; the quality of PHP applications is very low,
and it appears to be hard - or at least uncommon - to write PHP
applications that don't have major security flaws.
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20090812/cf82253d/attachment.bin 


More information about the Owasp-austin mailing list