[Owasp-o2-platform] 20 O2 Platform related posts

Dinis Cruz dinis.cruz at owasp.org
Sat May 4 08:30:40 UTC 2013


 Since there are a couple new email subscribers on this list (that are
trying to get their head around the O2 Platform), here are the lastest 20
O2 Platform blog posts that I wrote at by blog
<http://blog.diniscruz.com>(going all the way back to (9th of Feb).

Note: I still need to find a better way to send this types of blog updates
and hopefully the format holds (this is a copy and paste from this
page<http://blog.diniscruz.com/search/label/O2%20Platform>
)

Dinis Cruz


FRIDAY, 3 MAY 2013
Decrypting AES strings sent from server to an 'client-side browser based'
Flash swf (using Javascript and
C#)<http://blog.diniscruz.com/2013/05/decrypting-aes-strings-sent-from-server.html>
So I was looking at this Flash-based website which used a really good
security measure: *it encrypted all GET and POST data using AES. *

This creates a ‘couple’ probs when testing/understanding how the app works,
since we can’t easily see what is being sent to/from the server (by/to the
flash swf running in the browser).

Ironically, because it is hard to see and change these values, apps that
protect the client/server traffic this way usually have tons of server-side
vulnerabilities, since it is easy to assume (by the devs and QA) that those
values will never be changed (and it also makes it very hard to do any
testing outside what the normal UI allows).

For example if we look at the login sequence, we will see that when the
user submits its login details (entered via the Flash GUI), there is a
request to */post.ashx* that looks like this:

Read more »<http://blog.diniscruz.com/2013/05/decrypting-aes-strings-sent-from-server.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
18:37<http://blog.diniscruz.com/2013/05/decrypting-aes-strings-sent-from-server.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=6850330585440298868>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=6850330585440298868>Links
to this post<http://blog.diniscruz.com/2013/05/decrypting-aes-strings-sent-from-server.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6850330585440298868&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6850330585440298868&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6850330585440298868&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6850330585440298868&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
FRIDAY, 19 APRIL 2013
Decoding an URL using O2 Platform C#
REPL<http://blog.diniscruz.com/2013/04/decoding-url-using-o2-platform-c-repl.html>
Sometimes the O2 Platform helps me in the smallest of ways.

After my windows VM was forcible rebooted by Windows Update, I was facing
with a pain to recover chrome’s open windows due to:

   - When I opened Chrome I was not logged in to Starbucks
   - Starbucks redirects to their login, while keeping the previous address
   in as URL encoded GET parameter
   - The redirect doesn’t work if you are already logged in

Read more »<http://blog.diniscruz.com/2013/04/decoding-url-using-o2-platform-c-repl.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
15:15<http://blog.diniscruz.com/2013/04/decoding-url-using-o2-platform-c-repl.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=7414524816418845077>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=7414524816418845077>Links
to this post<http://blog.diniscruz.com/2013/04/decoding-url-using-o2-platform-c-repl.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7414524816418845077&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7414524816418845077&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7414524816418845077&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7414524816418845077&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
Finding a html link with no ID in the middle of a web page using WatiN (via
IE objects and jQuery)<http://blog.diniscruz.com/2013/04/finding-html-link-with-no-id-in-middle.html>
When coding web automation scripts,  a common problem is that the target
HTML element that we want to access doesn't have any id or attribute that
we can use to map it.

This posts shows a number of examples on how to to find those HTML elements
using O2 Platform <http://blog.diniscruz.com/p/owasp-o2-platform.html>’s
WatiN/IE extension methods.

Read more »<http://blog.diniscruz.com/2013/04/finding-html-link-with-no-id-in-middle.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
13:09<http://blog.diniscruz.com/2013/04/finding-html-link-with-no-id-in-middle.html>
 2 comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=7792731356450252462>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=7792731356450252462>Links
to this post<http://blog.diniscruz.com/2013/04/finding-html-link-with-no-id-in-middle.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7792731356450252462&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7792731356450252462&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7792731356450252462&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7792731356450252462&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
WatiN <http://blog.diniscruz.com/search/label/WatiN>
OWASP AppSensor and O2 Platform at Security B-Sides
London<http://blog.diniscruz.com/2013/04/owasp-appsensor-and-o2-platform-at.html>
(reblogging Colin’s post about this
event<https://www.clerkendweller.com/2013/4/19/AppSensor-at-Security-BSides-London>
:)
)

Next week me and Colin Watson <https://www.clerkendweller.com/> will be
running an OWASP
AppSensor<https://www.owasp.org/index.php/OWASP_AppSensor_Project>
 and OWASP O2 Platform
<http://blog.diniscruz.com/p/owasp-o2-platform.html> workshop
at Security B-Sides London 2013 <http://www.securitybsides.org.uk/>.

We will be demonstrating and helping attendees of the workshop specify,
define and implement application-specific attack detection and real-time
response. Our agenda is:

   - OWASP AppSensor concept
   - Attack detection exercise
   - Real world implementation (using O2 Platform and TeamMentor)
   - Alternative deployment models

We'll be using paper-based materials and real code demonstrations (in .Net,
Java and PHP), so just bring your brains along.

The workshop <http://www.securitybsides.org.uk/workshops.html> is being run
from 14:00 to 15:30 hrs on Wednesday April 24th 2013 and can be booked on
arrival at the event. It is available on a first come, first served basis.

Security B-Sides London is a community-driven free
event<http://www.securitybsides.org.uk/about.html> but
requires registration, but due to overwhelming demand there is a waiting
list.

We hope to see you there.



Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
10:33<http://blog.diniscruz.com/2013/04/owasp-appsensor-and-o2-platform-at.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=1206352772706685159>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=1206352772706685159>Links
to this post<http://blog.diniscruz.com/2013/04/owasp-appsensor-and-o2-platform-at.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=1206352772706685159&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=1206352772706685159&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=1206352772706685159&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=1206352772706685159&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
OWASP <http://blog.diniscruz.com/search/label/OWASP>,
TeamMentor<http://blog.diniscruz.com/search/label/TeamMentor>
THURSDAY, 18 APRIL 2013
O2 Platform 5.1.1 version with all dll references
included<http://blog.diniscruz.com/2013/04/o2-platform-511-version-with-all-dll.html>
A common issue that happens when running the default O2 Platform default
exe/gui from an corporate network is that some ‘*on-demand dependency
downloads*’ fail due to restrictions imposed by the network’s web proxy.

So if you have this issue, try downloading the O2_Platform v5.1.1 [with
extra References].zip<https://o2platform.googlecode.com/files/O2_Platform_v5.1.1_%5Bwith_extra_References%5D.zip>
which
is 23Mbs

Read more »<http://blog.diniscruz.com/2013/04/o2-platform-511-version-with-all-dll.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
09:00<http://blog.diniscruz.com/2013/04/o2-platform-511-version-with-all-dll.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=2982782369008099117>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=2982782369008099117>Links
to this post<http://blog.diniscruz.com/2013/04/o2-platform-511-version-with-all-dll.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2982782369008099117&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2982782369008099117&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2982782369008099117&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2982782369008099117&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
WinForms WebBrowser running inside a WPF Host (controlled by a WinForms
TreeView)<http://blog.diniscruz.com/2013/04/winforms-webbrowser-running-inside-wpf.html>
Here is an example of how to use FluentSharp’s WPF/WinForms Extension
Methods to host the WinForms WebBrowser Control (IE based) inside the WPF
Graph element.

Read more »<http://blog.diniscruz.com/2013/04/winforms-webbrowser-running-inside-wpf.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
08:59<http://blog.diniscruz.com/2013/04/winforms-webbrowser-running-inside-wpf.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=5827948440023342618>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=5827948440023342618>Links
to this post<http://blog.diniscruz.com/2013/04/winforms-webbrowser-running-inside-wpf.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=5827948440023342618&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=5827948440023342618&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=5827948440023342618&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=5827948440023342618&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
WPF <http://blog.diniscruz.com/search/label/WPF>
FRIDAY, 5 APRIL 2013
Running Customized C# code loaded from TeamMentor’s UserData
repository<http://blog.diniscruz.com/2013/04/running-customized-c-code-loaded-from.html>
A really powerful feature of TeamMentor 3.3. is its ability to run CSharp
Scripts included in the mapped UserData repository (script execution is
powered by O2 Platform's FluentSharp APIs).

This blog post shows how it works

Read more »<http://blog.diniscruz.com/2013/04/running-customized-c-code-loaded-from.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
10:01<http://blog.diniscruz.com/2013/04/running-customized-c-code-loaded-from.html>
 1 comment: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=3640093102167036342>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=3640093102167036342>Links
to this post<http://blog.diniscruz.com/2013/04/running-customized-c-code-loaded-from.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3640093102167036342&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3640093102167036342&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3640093102167036342&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3640093102167036342&target=facebook>
Labels: FluentSharp <http://blog.diniscruz.com/search/label/FluentSharp>, O2
Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
REPL<http://blog.diniscruz.com/search/label/REPL>
, TeamMentor <http://blog.diniscruz.com/search/label/TeamMentor>
MONDAY, 18 MARCH 2013
Download of O2 Platform Stand-alone-tools that run on
OSx<http://blog.diniscruz.com/2013/03/download-of-o2-platform-stand-alone.html>
Continuing on the OSX <http://blog.diniscruz.com/search/label/OSx> Theme
(see last couple posts) I updated the O2 Platform download
page<http://code.google.com/p/o2platform/downloads/list> with
a number of *Stand-alone-exes* that work on both windows and OSX:

[image: NewImage]
Read more »<http://blog.diniscruz.com/2013/03/download-of-o2-platform-stand-alone.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
03:02<http://blog.diniscruz.com/2013/03/download-of-o2-platform-stand-alone.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=6588113771269605658>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=6588113771269605658>Links
to this post<http://blog.diniscruz.com/2013/03/download-of-o2-platform-stand-alone.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6588113771269605658&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6588113771269605658&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6588113771269605658&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6588113771269605658&target=facebook>
Labels: Java <http://blog.diniscruz.com/search/label/Java>, O2
Platform<http://blog.diniscruz.com/search/label/O2%20Platform>
, OSx <http://blog.diniscruz.com/search/label/OSx>
Running O2 Platform's main C# REPL script on OSX (wasn't working
before)<http://blog.diniscruz.com/2013/03/running-o2-platforms-main-c-repl-script.html>
After the last couple posts on
O2<http://blog.diniscruz.com/p/owasp-o2-platform.html>
 and OSX <http://blog.diniscruz.com/search/label/OSx> I decided to have a
quick go at running the main O2 C#
REPL<http://blog.diniscruz.com/p/c-repl-script-environment.html> on
my Mac and was very pleasantly surprised when it worked!!!

Here is a screenshot of the PoC - Roslyn C# ScriptEngine Execute
v1.0.exe<http://o2platform.googlecode.com/files/PoC%20-%20Roslyn%20C%23%20ScriptEngine%20Execute%20v1.0.exe>
(which
you can download from
here<http://o2platform.googlecode.com/files/PoC%20-%20Roslyn%20C%23%20ScriptEngine%20Execute%20v1.0.exe>)
:
Read more »<http://blog.diniscruz.com/2013/03/running-o2-platforms-main-c-repl-script.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
02:58<http://blog.diniscruz.com/2013/03/running-o2-platforms-main-c-repl-script.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=7857720569607447207>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=7857720569607447207>Links
to this post<http://blog.diniscruz.com/2013/03/running-o2-platforms-main-c-repl-script.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7857720569607447207&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7857720569607447207&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7857720569607447207&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7857720569607447207&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
OSx <http://blog.diniscruz.com/search/label/OSx>
Problem running O2's Exe on OSX 10.8 , fixed using
XQuartz<http://blog.diniscruz.com/2013/03/problem-running-o2s-exe-on-osx-108.html>
I just tried to run a simple O2 Platform Exe on OSx (which used to work)
and got this:

[image: NewImage]

I.e. nothing happened!
Read more »<http://blog.diniscruz.com/2013/03/problem-running-o2s-exe-on-osx-108.html#more>
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
01:46<http://blog.diniscruz.com/2013/03/problem-running-o2s-exe-on-osx-108.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=3226502494258787744>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=3226502494258787744>Links
to this post<http://blog.diniscruz.com/2013/03/problem-running-o2s-exe-on-osx-108.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3226502494258787744&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3226502494258787744&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3226502494258787744&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3226502494258787744&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
OSx <http://blog.diniscruz.com/search/label/OSx>
SATURDAY, 16 MARCH 2013
Getting list of Jars loaded in SystemClassLoader (using
Jni4Net)<http://blog.diniscruz.com/2013/03/getting-list-of-jars-loaded-in.html>
I just created a couple extension methods for
Jni4Net<http://blog.diniscruz.com/search/label/Jni4Net> that
allow (amongst other things) the listing of the jars currently loaded in
the SystemClassLoader (see
API_Jni4Net.cs<https://github.com/o2platform/O2.Platform.Scripts/blob/master/3rdParty/Jni4Net/API_Jni4Net.cs>
for
the code of these .NET Extension Methods)

The objective is to simplify the use of Jni4Net, and to hide the complexity
in consuming Java code from .NET:

Here are a couple examples of these Extension
Methods<https://github.com/o2platform/O2.Platform.Scripts/blob/master/3rdParty/Jni4Net/API_Jni4Net.cs>
in
action:
Read more »<http://blog.diniscruz.com/2013/03/getting-list-of-jars-loaded-in.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 19:40<http://blog.diniscruz.com/2013/03/getting-list-of-jars-loaded-in.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=4164310568635823146>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=4164310568635823146>Links
to this post<http://blog.diniscruz.com/2013/03/getting-list-of-jars-loaded-in.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4164310568635823146&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4164310568635823146&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4164310568635823146&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4164310568635823146&target=facebook>
Labels: Jni4Net <http://blog.diniscruz.com/search/label/Jni4Net>, O2
Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
Loading OWASP ESAPI jar and its dependencies from C# (using
jni4net)<http://blog.diniscruz.com/2013/03/loading-owasp-esapi-jar-and-its.html>
Here is a pretty cool PoC where I was able to load an jar file and its
dependencies into an 'Jni4Net <http://jni4net.sourceforge.net/> created' JVM

Read more »<http://blog.diniscruz.com/2013/03/loading-owasp-esapi-jar-and-its.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 11:59<http://blog.diniscruz.com/2013/03/loading-owasp-esapi-jar-and-its.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=8362737447610813564>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=8362737447610813564>Links
to this post<http://blog.diniscruz.com/2013/03/loading-owasp-esapi-jar-and-its.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=8362737447610813564&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=8362737447610813564&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=8362737447610813564&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=8362737447610813564&target=facebook>
Labels: Jni4Net <http://blog.diniscruz.com/search/label/Jni4Net>, O2
Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
OWASP<http://blog.diniscruz.com/search/label/OWASP>
Invoking Java BeanShell from .Net
CLR<http://blog.diniscruz.com/2013/03/invoking-java-beanshell-from-net-clr.html>
Here is a very rough PoC of how I was able to execute a JavaBean
<http://www.beanshell.org/>shell
script from inside the O2 Platform (with the java code executed under a JVM)

Executing *"return 2+2;"* as a java beanshell comand (see result on the
bottom right Output pane)
Read more »<http://blog.diniscruz.com/2013/03/invoking-java-beanshell-from-net-clr.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 11:47<http://blog.diniscruz.com/2013/03/invoking-java-beanshell-from-net-clr.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=3050353831810671506>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=3050353831810671506>Links
to this post<http://blog.diniscruz.com/2013/03/invoking-java-beanshell-from-net-clr.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3050353831810671506&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3050353831810671506&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3050353831810671506&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=3050353831810671506&target=facebook>
Labels: Jni4Net <http://blog.diniscruz.com/search/label/Jni4Net>, O2
Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
Invoking an OWASP AppSensor Java method from .NET C# REPL (using
Jni4Net)<http://blog.diniscruz.com/2013/03/invoking-owasp-appsensor-java-method.html>
On the topic of
AppSensor<https://www.owasp.org/index.php/OWASP_AppSensor_Project>,
you might find the code snippet below interesting.

Inside an O2 Platform <http://blog.diniscruz.com/p/owasp-o2-platform.html> C#
REPL editor <http://blog.diniscruz.com/p/c-repl-script-environment.html> (which
is running in .Net's CLR), I was able to:


   - load the AppSensor jar in a new class loader,
   - access/view its classes in a GUI
   - create an instance of *org.owasp.appsensor.trendmonitoring.TrendEvent*
   - execute the *getTime *method).


Note that the AppSensor code is running on the Java's JVM (loaded in the
same process as the .Net's CLR)

The code is still in very rough status, but it works :)
Read more »<http://blog.diniscruz.com/2013/03/invoking-owasp-appsensor-java-method.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 11:42<http://blog.diniscruz.com/2013/03/invoking-owasp-appsensor-java-method.html>
 1 comment: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=553127946786642723>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=553127946786642723>Links
to this post<http://blog.diniscruz.com/2013/03/invoking-owasp-appsensor-java-method.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=553127946786642723&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=553127946786642723&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=553127946786642723&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=553127946786642723&target=facebook>
Labels: AppSensor <http://blog.diniscruz.com/search/label/AppSensor>,
Jni4Net <http://blog.diniscruz.com/search/label/Jni4Net>, O2
Platform<http://blog.diniscruz.com/search/label/O2%20Platform>
FRIDAY, 15 MARCH 2013
Putting O2 content on Google Code's wiki (just like
ZAP)<http://blog.diniscruz.com/2013/03/putting-o2-content-on-google-codes-wiki.html>
I really like what Simon is doing with Zap at
https://code.google.com/p/zaproxy/wiki/Introduction?tm=6 and I think we
should do the same with O2 (I would like to have used the main OWASP
wiki<https://www.owasp.org/index.php/OWASP_O2_Platform>,
but it's to messy, heavy and lacks the ability to create a side navigation)

It will be at https://code.google.com/p/o2platform/wiki<https://code.google.com/p/o2platform/w/list>

The idea is that the O2 related blogs entries are used for how-to articles,
and the wiki pages contain consolidated content and references links (to
those blog entries)

This would give O2 users good kickstarters on particular topics, for
example https://code.google.com/p/o2platform/wiki/Browser_Automation :)

If you want to help editing these pages, send me your google account id and
i'll make you an editor
Posted by Dinis Cruz  <https://plus.google.com/101331715302361457274>at
18:53<http://blog.diniscruz.com/2013/03/putting-o2-content-on-google-codes-wiki.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=4383971048820447551>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=4383971048820447551>Links
to this post<http://blog.diniscruz.com/2013/03/putting-o2-content-on-google-codes-wiki.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4383971048820447551&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4383971048820447551&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4383971048820447551&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=4383971048820447551&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
THURSDAY, 14 MARCH 2013
Manually adding a code complete reference to the FLuentSharp C# REPL editor
(using a 'Script the Script'
editor)<http://blog.diniscruz.com/2013/03/manually-adding-code-complete-reference.html>
Let’s say that you are in the C# REPL editor and you want to manually add a
dll to be taken into account by the code complete engine (useful in the 5.1
version of the O2 Platform which had a bug that prevents some references
from loading)

For example, let say you added the O2_FluentSharp_NGit.dll reference:
Read more »<http://blog.diniscruz.com/2013/03/manually-adding-code-complete-reference.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 01:00<http://blog.diniscruz.com/2013/03/manually-adding-code-complete-reference.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=2811741589809998037>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=2811741589809998037>Links
to this post<http://blog.diniscruz.com/2013/03/manually-adding-code-complete-reference.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2811741589809998037&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2811741589809998037&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2811741589809998037&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=2811741589809998037&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
Setting up a apache (httpd) based git server (using an O2 Platform
script)<http://blog.diniscruz.com/2013/03/setting-up-apache-httpd-based-git.html>
Following from the instructions on this blog post Hosting a Git server
under Apache on
Windows<http://www.jeremyskinner.co.uk/2010/07/31/hosting-a-git-server-under-apache-on-windows/>
and
after installing git and apache locally

I wrote this O2 script:
Read more »<http://blog.diniscruz.com/2013/03/setting-up-apache-httpd-based-git.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 00:55<http://blog.diniscruz.com/2013/03/setting-up-apache-httpd-based-git.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=6099817229025999618>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=6099817229025999618>Links
to this post<http://blog.diniscruz.com/2013/03/setting-up-apache-httpd-based-git.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6099817229025999618&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6099817229025999618&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6099817229025999618&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6099817229025999618&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>
THURSDAY, 7 MARCH 2013
Seeing an NGit Diff by using reflection to access the internal
Sharpen.ByteArrayOutputStream
Class<http://blog.diniscruz.com/2013/03/seeing-ngit-diff-by-using-reflection-to.html>
I was trying to get the NGif diff output stream, but hit on an issue that
the *Sharpen.ByteArrayOutputStream* class is internal

Read more »<http://blog.diniscruz.com/2013/03/seeing-ngit-diff-by-using-reflection-to.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 16:51<http://blog.diniscruz.com/2013/03/seeing-ngit-diff-by-using-reflection-to.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=6557399726971260225>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=6557399726971260225>Links
to this post<http://blog.diniscruz.com/2013/03/seeing-ngit-diff-by-using-reflection-to.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6557399726971260225&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6557399726971260225&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6557399726971260225&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=6557399726971260225&target=facebook>
Labels: NGit <http://blog.diniscruz.com/search/label/NGit>, O2
Platform<http://blog.diniscruz.com/search/label/O2%20Platform>
Viewing the C# MethodStream for a
WebMethod<http://blog.diniscruz.com/2013/03/viewing-c-methodstream-for-webmethod.html>
I was debugging an issue with TeamMentor WebServices and created a view
that gave me the *MethodStreams* for all its source code

*MethodStreams* are virtual files that contain all relevant 'call-flow
source-code' for a particular starting methods (note: *MethodStreams* are
one of O2 <http://blog.diniscruz.com/p/owasp-o2-platform.html>’s biggest
innovation on the SAST world)
Read more »<http://blog.diniscruz.com/2013/03/viewing-c-methodstream-for-webmethod.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 02:57<http://blog.diniscruz.com/2013/03/viewing-c-methodstream-for-webmethod.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=7604916092979177891>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=7604916092979177891>Links
to this post<http://blog.diniscruz.com/2013/03/viewing-c-methodstream-for-webmethod.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7604916092979177891&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7604916092979177891&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7604916092979177891&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7604916092979177891&target=facebook>
Labels: O2 Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
SAST <http://blog.diniscruz.com/search/label/SAST>
SATURDAY, 9 FEBRUARY 2013
What does the .html() FluentSharp Extension Method
does<http://blog.diniscruz.com/2013/02/what-does-html-fluentsharp-extension.html>
Well it gets the HTML code of a particular URL :)

And it does the same thing as the FluentSharp
BCL<http://nuget.org/packages/FluentSharp.BCL/>'s
 *.GET() *extension method.

Read more »<http://blog.diniscruz.com/2013/02/what-does-html-fluentsharp-extension.html#more>
Posted by Dinis Cruz  <http://www.blogger.com/profile/01508591064643847461>
at 11:46<http://blog.diniscruz.com/2013/02/what-does-html-fluentsharp-extension.html>
 No comments: <http://www.blogger.com/comment.g?blogID=7061568054540301299&postID=7608736977457703015>
 <http://www.blogger.com/email-post.g?blogID=7061568054540301299&postID=7608736977457703015>Links
to this post<http://blog.diniscruz.com/2013/02/what-does-html-fluentsharp-extension.html#links>
Email This<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7608736977457703015&target=email>
BlogThis!<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7608736977457703015&target=blog>Share
to Twitter<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7608736977457703015&target=twitter>Share
to Facebook<http://www.blogger.com/share-post.g?blogID=7061568054540301299&postID=7608736977457703015&target=facebook>
Labels: FluentSharp <http://blog.diniscruz.com/search/label/FluentSharp>, O2
Platform <http://blog.diniscruz.com/search/label/O2%20Platform>,
REPL<http://blog.diniscruz.com/search/label/REPL>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20130504/44d2a8aa/attachment-0001.html>


More information about the Owasp-o2-platform mailing list