From li.jason.c at gmail.com Fri Jul 18 13:24:14 2008
From: li.jason.c at gmail.com (Jason Li)
Date: Fri, 18 Jul 2008 13:24:14 -0400
Subject: [Owasp-jsp-testing-tool-project] RES: OWASP JSP Testing Tool 50% Review
In-Reply-To: <34F0F38F90581D4C81142E2C0CD5BA2402EA9155@INFOGMAIL.OGMASTER.LOCAL>
References: <34F0F38F90581D4C81142E2C0CD5BA2402EA9155@INFOGMAIL.OGMASTER.LOCAL>
Message-ID:

Fabricio,

It's interesting that you're getting the execution errors in the browser.
It looks like that might be an IE6 behavior so that's something I'll have
to look into going forward. I definitely want things to work for as many
environments as I can (I was testing in IE7). Thanks for finding that!

As to the yellow cells and Unknown Error pages, the majority of them are
currently a result of the Out of Heap Space errors that are happening in
the project so that's currently expected.

--
-Jason Li-
-li.jason.c at gmail.com-

On Fri, Jul 18, 2008 at 12:35 PM, wrote:
> Hello, Jason!
>
>
> Sorry for the delay. I installed successfully the application. When I run it,
> the following behaviour occurs and I'd like to confirm if I'm making any
> mistake here.
>
> When I first access the app:
>
> I guess it's related to the "Out of Heap Space" issue in
> (http://www.owasp.org/index.php/Project_Information:template_JSP_Testing_Tool_Project_-_50_Review_-_Self_Evaluation_-_A).
>
> Then, all the yellow cells report a tooltip with "Unknow error":
>
>
>
> When I click on any of the cells, all of them show a similar IFRAME:
>
>
>
> Am I doing anything wrong, or did I misunderstand the tool?
>
> Thanks,
> Fabrício
>
> -----Original Message-----
> From: Jason Li [mailto:li.jason.c at gmail.com]
> Sent: Tuesday, July 1, 2008 17:28
> To: Fabricio Yutaka Fujikawa - Tecnologia - Infoglobo
> Cc: markkerzner at gmail.com
> Subject: Re: RES: OWASP JSP Testing Tool 50% Review
>
> Fabricio,
>
> I put together a standalone demo of the application.
> It's rather large (41M) so I couldn't put it on the Google Code site. I made
> it available here:
> http://inno.cuous.info/JspTestingTool-0.5-windows-standalone.zip
>
> To make this distribution, I borrowed OWASP WebGoat's distribution of Java
> and run scripts and replaced WebGoat's Tomcat 5.5 distribution with Tomcat
> 6.x. You should be able to unzip this file and run the start.bat file to
> start Tomcat with the demo app. Once the server has started, you should be
> able to access the demo page at http://localhost:8080/JspTestingTool/
>
> Let me know if you have any issues.
>
> I'm about to leave for a short vacation (it's Independence Day in the US for
> July 4th, which means a long weekend holiday :-)), but when I come back,
> I'll try to document the code a little better in Subversion. I realize
> you're not a Java developer but I'm hoping I can still leverage your
> development experience for sanity checks just by bouncing implementation
> ideas and concepts off of you.
>
> Mark - feel free to use this same standalone demo app distribution if you're
> running in a Windows environment.
> --
> -Jason Li-
> -li.jason.c at gmail.com-
>
>
> On Tue, Jul 1, 2008 at 10:18 AM, wrote:
>> Yes, I have 10+ years of experience in classic ASP, and some knowledge in
>> ASP.NET.
>> I'm running Windows XP Professional.
>>
>> Thanks!
>> Fabrício
>>
>> -----Original Message-----
>> From: Jason Li [mailto:li.jason.c at gmail.com]
>> Sent: Monday, June 30, 2008 20:09
>> To: Fabricio Yutaka Fujikawa - Tecnologia - Infoglobo
>> Subject: RE: RES: OWASP JSP Testing Tool 50% Review
>>
>> Hi Fabricio,
>>
>> No worries! I can help you get set up. What environment are you running
>> (Windows, Linux, etc)?
>>
>> Remind me what your background is? Was it in ASP?
>>
>> --
>> -Jason Li-
>> -li.jason.c at gmail.com-
>>
>> -----Original Message-----
>> From: fabricio.fujikawa at infoglobo.com.br
>> Sent: Monday, June 30, 2008 5:58 PM
>> To: li.jason.c at gmail.com
>> Cc: fabriciofuji at yahoo.com.br
>> Subject: RES: OWASP JSP Testing Tool 50% Review
>>
>> Hello, Jason!
>>
>>
>> I'm quite concerned about my role in this review! As I'm not a Java
>> developer, how can I run the demo to answer the questionnaire? Do I have to
>> set up a Java environment web server on my machine? I'm afraid I would
>> probably face a lot of problems because I'm not familiar with the
>> environment... Or am I being too pessimistic?
>>
>> Please, give me orientations.
>>
>>
>> Thanks,
>> Fabrício
>>