<h1>OWASP ZAP: Dynamically Configurable actions</h1>
Alessandro Secco's GSoC project<br />
<h2>GSoC End - Current Status (2013-09-25)</h2>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Hi all.<br />
<br />
GSoC 2013 has now ended, and this post briefly describes the current status of the project.<br />
<br />
Of course, this sort of project always has a load of things which can be done, and I'll continue to work on it after this great summer of code. I'm pretty happy about how things went... I worked a lot, of course, but I enjoyed this experience a lot!<br />
<br />
After this brief introduction, I can declare the <b>status</b> of my project as <b>checked in</b>.<br />
Many things can still be done, along with some minor tweaks which can improve the user experience.<br />
<br />
You can find:<br />
<br />
<ul>
<li>full Zest documentation <a href="http://www.dei.unipd.it/~seccoale/gsoc_docs/index.html">here (API)</a>, and <a href="https://github.com/mozilla/zest/wiki">here (wiki)</a>;</li>
<li>Zest code <a href="http://github.com/mozilla/zest">here (Official)</a> and <a href="https://github.com/seccoale/zest">here (my repo, a fork with my latest changes)</a>;</li>
<li>Zap Code <a href="https://code.google.com/p/zaproxy/source/browse/">here</a>;</li>
<li>Zap-extensions code <a href="https://code.google.com/p/zap-extensions/source/browse/#svn%2Fbranches%2Fbeta%2Fsrc%2Forg%2Fzaproxy%2Fzap%2Fextension%2Fzest">here</a>.</li>
</ul>
<h3>
Minor Tweaks:</h3>
<div>
<ul>
<li>Adding ExpressionLength Dialog;</li>
<li>Adding a hover over to the IF node showing the full expression tree;</li>
<li>Same as before for AND/OR nodes;</li>
<li>Change some menu names.</li>
</ul>
</div>
<br />
<h3>
Some Screenshots of the Project:</h3>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqreiDMw0BnrqzHiH0l1SSea-k9aHUSOwN0qHc9EnJeAvIJ3ZuVtncS_gAZwYCU9AGe2FOvvUuPEYvgi2_1iCsmxeuInRxU32z6exwDlDX7_BnHA1x3rZyi3zoxcmOIBksFzmMs6GN6ewD/s1600/Selection_042.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqreiDMw0BnrqzHiH0l1SSea-k9aHUSOwN0qHc9EnJeAvIJ3ZuVtncS_gAZwYCU9AGe2FOvvUuPEYvgi2_1iCsmxeuInRxU32z6exwDlDX7_BnHA1x3rZyi3zoxcmOIBksFzmMs6GN6ewD/s1600/Selection_042.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Conditional UI</td></tr>
</tbody></table>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmr2Zc_gtIy0DZhhssbaScTg1LJ7qiw6ZYwQAUVtxQix3K6IF6zC8l2Qc-sLZrA1hOF4Yh7x_LoyOu5JcjwubOqz8RVXzYQSYav_YoEzsJcFIN7qKC8uDHZgLBX9Gq_yaJvM98gwr34XbT/s1600/Selection_043.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmr2Zc_gtIy0DZhhssbaScTg1LJ7qiw6ZYwQAUVtxQix3K6IF6zC8l2Qc-sLZrA1hOF4Yh7x_LoyOu5JcjwubOqz8RVXzYQSYav_YoEzsJcFIN7qKC8uDHZgLBX9Gq_yaJvM98gwr34XbT/s320/Selection_043.png" width="312" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Structured Expression UI</td></tr>
</tbody></table>
<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmdbbE3UJ4g394hfFMGJi9uRzflkUt4lvzXre1b9-ANGiGx2d5IqYnzh2VDSofwl-HWysgqTSh3y2JLko3_yK3sdIn3a7zcPn2FrNQa4KckT54bW4Elo4GudO9nwP8QJBMmDdV25Oti12/s1600/Selection_044.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmdbbE3UJ4g394hfFMGJi9uRzflkUt4lvzXre1b9-ANGiGx2d5IqYnzh2VDSofwl-HWysgqTSh3y2JLko3_yK3sdIn3a7zcPn2FrNQa4KckT54bW4Elo4GudO9nwP8QJBMmDdV25Oti12/s320/Selection_044.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">SurroundWith menu for Expressions</td></tr>
</tbody></table>
<br /><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheva0EDo_G2t1Tix0ev1ZnfJ4cxAM2neBMOzBVsEUPRSiFq2HJ-wClNDxsHq2V7DXSWTTpHw5lp8GExc4YXUehr83Q14Gs-wCsP8JSBXr5uFCuXEBqby8L7roNjEH4SF8pIFB-prBtIIfk/s1600/Selection_041.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheva0EDo_G2t1Tix0ev1ZnfJ4cxAM2neBMOzBVsEUPRSiFq2HJ-wClNDxsHq2V7DXSWTTpHw5lp8GExc4YXUehr83Q14Gs-wCsP8JSBXr5uFCuXEBqby8L7roNjEH4SF8pIFB-prBtIIfk/s320/Selection_041.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">A complex Script using Loops and Structured Expression (with debug output).</td></tr>
</tbody></table>
</div>
<div class="separator" style="clear: both; text-align: center;">
For more screenshots, contact me, or simply check it out and try it ;)</div>
<h3 style="text-align: left;">
Things Made:</h3>
<div style="text-align: left;">
<ul>
<li>Created Structured Expressions inside Zest;</li>
<li>Added support for Structured Expression in ZestConditional &amp; ZestAssertion;</li>
<li>Added Loop to Zest as a new Statement;</li>
<li>Added support for the runner which manages loops of different types;</li>
<li>Added UI in ZAP for the changes above;</li>
<li>Tests;</li>
<li>Docs.</li>
</ul>
<div>
For more information, please do not hesitate to write a comment or to email in the dev-groups or to me directly.</div>
</div>
<div style="text-align: left;">
<br /></div>
<br /><br />
<h2>Week 14 - close to the end: cleaning and debugging (2013-09-10)</h2>
In this phase I'm cleaning the code and running some more tests to find any other bugs.<br />
<br />
This is a sample screenshot of the working project:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghvA7GsBvhQ56Siq8-GGW4Z1pZ9Rgg5a7wWuEtnMVKc2BBglZqZrPf6wVybGSzd4-nILdUTLn_WMR1jcynlvlfGcJiNIy1QzVNwHRTeBbv4rJQ3kNltWMVwKzqCQfh_P8mWtWXts1glu77/s1600/Selection_041.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghvA7GsBvhQ56Siq8-GGW4Z1pZ9Rgg5a7wWuEtnMVKc2BBglZqZrPf6wVybGSzd4-nILdUTLn_WMR1jcynlvlfGcJiNIy1QzVNwHRTeBbv4rJQ3kNltWMVwKzqCQfh_P8mWtWXts1glu77/s320/Selection_041.png" width="320" /></a></div>
<br />
<h2>Intermediate Post - ZestComplexExpression UI (2013-09-02)</h2>
This post is only to show the current implementation of the ComplexConditionals UI:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkg4fsqkUJt5Ty1VODcwOWWASCvAJlPkzpDykPYwdde-K4s4kELZRg0TNtVhTUim7-SATpyueYGIY4oYsqFA2jPhu5MaZ__CYcxH-4Idvx59U1HDSIP448ylTw4FwiLBu428ot8uil9Cw/s1600/Selection_039.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkg4fsqkUJt5Ty1VODcwOWWASCvAJlPkzpDykPYwdde-K4s4kELZRg0TNtVhTUim7-SATpyueYGIY4oYsqFA2jPhu5MaZ__CYcxH-4Idvx59U1HDSIP448ylTw4FwiLBu428ot8uil9Cw/s320/Selection_039.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
The script implemented is very simple, but it tests complex conditionals.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Simply put, it checks whether the status code is 200 AND whether the request URL is equal to http://localhost:8080/bodgeit/login.jsp (exactly the request added in the script).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Then, it checks if the response time is &gt;10 ms OR &lt;100 ms (which is obviously true).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Complex Expressions are really close to being finished!</div>
<h2>Week 13 - Complex Conditionals UI (2013-08-31)</h2>
This is the 13th week. This week I continued working on the Complex Conditional UI.<br />
<br />
I have developed two UIs for adding Complex Conditionals:<br />
<br />
<br />
<ul>
<li>via Script Tree: it is now possible to build a new conditional with an empty expression. The expression is then built step by step by adding AND/OR nodes. Here are some screenshots:</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglD1z6qGjgPk9_YGlBOcFdLu5dyofT8VwkWQxFoPdRXzrlJ3Nn8pLqqWSLR4BHpsURvgl8fYtm1T3E8bTcC6fcGzct80F6bE0kcTzqVmvzwqAbPaKer9A4RR_J1qQ2ah4NHF_Jig2BrbVg/s1600/Selection_035.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglD1z6qGjgPk9_YGlBOcFdLu5dyofT8VwkWQxFoPdRXzrlJ3Nn8pLqqWSLR4BHpsURvgl8fYtm1T3E8bTcC6fcGzct80F6bE0kcTzqVmvzwqAbPaKer9A4RR_J1qQ2ah4NHF_Jig2BrbVg/s320/Selection_035.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div>
and this is the result:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzbXfoTvPbuKyr-t8dtOVV9wFYV4ziUmwld6MO1uGNKruwkf1RS97Ov4A0yyQj5x5aN17V9P3hbFBKcS0En_1xCcWKgi_fTN3V6HN15fcOSf6jUG6XrfBs72_PBF3KzCkcQABaGHtYeXZq/s1600/Selection_036.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzbXfoTvPbuKyr-t8dtOVV9wFYV4ziUmwld6MO1uGNKruwkf1RS97Ov4A0yyQj5x5aN17V9P3hbFBKcS0En_1xCcWKgi_fTN3V6HN15fcOSf6jUG6XrfBs72_PBF3KzCkcQABaGHtYeXZq/s1600/Selection_036.png" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
As you can see, the "IF" node contains no child (no expression).</div>
<div class="separator" style="clear: both; text-align: left;">
The user can then add other nodes, such as Simple Conditional, AND or OR nodes:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirVhoUMY_8kBsM9Ni_0K5vh0nu6zMPgJjwlneSyMA_BfM1svpLruw9VIblluSsCgaXQhqamYvvqLIFnRWfIQfHhK5r8I9h5asIeFBOWVS8EYfDzXQlCrt24Z66yqYCejLqp5S7h7hWdQo3/s1600/Selection_037.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirVhoUMY_8kBsM9Ni_0K5vh0nu6zMPgJjwlneSyMA_BfM1svpLruw9VIblluSsCgaXQhqamYvvqLIFnRWfIQfHhK5r8I9h5asIeFBOWVS8EYfDzXQlCrt24Z66yqYCejLqp5S7h7hWdQo3/s320/Selection_037.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
This is an example:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8PbmeF7e5M8X6eBRMAob83d-D2DSBiaOCcMcK9I8gMeJyouSBohtwW_BfN56oUd3nyKur1gL2mYAyPIZd8ZHUp3KU2cKytAlvFqlfw3RZ0mo_TdP5Ov1_BKJgHe-_j408pKEfhKpDIgLC/s1600/Selection_038.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8PbmeF7e5M8X6eBRMAob83d-D2DSBiaOCcMcK9I8gMeJyouSBohtwW_BfN56oUd3nyKur1gL2mYAyPIZd8ZHUp3KU2cKytAlvFqlfw3RZ0mo_TdP5Ov1_BKJgHe-_j408pKEfhKpDIgLC/s320/Selection_038.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul>
<li>via a complex Conditional Dialog:</li>
</ul>
<div>
This is the screenshot:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1mZh0qOvIB7nTVgSgJO_lCRLnbYJlA85UV72YN5CPZ_vTar3j2IUeA4EBjuBV6Ygic7Kk0HoM2pzY8106XZ90zIzx3-v4n2dbLqGm1FdyX3Q45-IPDRGuAA4Frf55exCpvqEMEixSEsMR/s1600/Selection_031.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1mZh0qOvIB7nTVgSgJO_lCRLnbYJlA85UV72YN5CPZ_vTar3j2IUeA4EBjuBV6Ygic7Kk0HoM2pzY8106XZ90zIzx3-v4n2dbLqGm1FdyX3Q45-IPDRGuAA4Frf55exCpvqEMEixSEsMR/s320/Selection_031.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
What is still missing?</div>
<div class="separator" style="clear: both; text-align: left;">
I have to add some lines to manage the elimination of complex conditional nodes;</div>
<div class="separator" style="clear: both; text-align: left;">
Some lines to perform a check about where it is possible to insert which type of conditional node;</div>
<div class="separator" style="clear: both; text-align: left;">
A method to add the complete subtree given by a complete structured expression (built with the complex conditional dialog).</div>
<div>
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div>
<br /></div>
<h2>Week 12 - Complex Conditional UI (2013-08-23)</h2>
This week I completed and pushed the definitive code for ZestLoops.<br />
Then I started working on ComplexConditional. I created a sample UI based on the prototype I made in my proposal:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi08f1iaL3ZBKgpyURuzqpopLDYRwA4eUcjjzq0o_eE6cs8CY6Ccz8ohbt87widjSmDU-SOXaGtJWCPvZpRGvaVU5TXRu8bPYICOhlhDX3LvPQGHMa8wsz40Dfu0zj-qI0NRlhq_UTETy17/s1600/Selection_031.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi08f1iaL3ZBKgpyURuzqpopLDYRwA4eUcjjzq0o_eE6cs8CY6Ccz8ohbt87widjSmDU-SOXaGtJWCPvZpRGvaVU5TXRu8bPYICOhlhDX3LvPQGHMa8wsz40Dfu0zj-qI0NRlhq_UTETy17/s320/Selection_031.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
There are still many things to do for Complex Conditional. The most interesting challenge is to parse the condition and create the RootExpression for the structured conditional.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This week I wrote a basic standard text representation for all the simple conditionals, and I wrote the regex to recognize them.</div>
<br />
<h2>Week 11 - Loops UI, tests and refactoring (2013-08-17)</h2>
This is the 11th week.<br />
<br />
This week I worked a lot on loops, making the edits required to the loop interface.<br /><br />These changes forced me to refactor the previous code. Some problems also occurred.<br /><br />The main problem is about the serialization of loops. The tests I made for serialization passed because they consisted of the serialization of a single Loop. This kind of test was not good, because it didn't consider the loop inside a Script. In fact the serialization of a Script containing a Loop didn't work properly.<br />
<br />
This problem is caused by the usage of generics and a bad design of the structure of loops.<br />
<br />
This week I noticed this problem and fixed it by making some changes to the design:<br />
<br />
<ul>
<li>The set of tokens is now declared in the subtype (LoopInteger, LoopFile &amp; LoopString);</li>
<li>The step is declared only for LoopInteger;</li>
<li>The loop phase now considers the index of the current token, and no longer the value of the token.</li>
</ul>
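<div>
Added example (not part of the original post and not Zest's own code): a small Java model of the three design changes listed above, run against the two loop forms this blog uses as examples. All class, field and method names are hypothetical, and treating the integer loop's end value as exclusive is an assumption.</div>

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example, not Zest code. Class, field and method names are hypothetical.
public class LoopStateDemo {

    // Shared by every loop: the variable name and the index of the current token.
    static abstract class Loop {
        final String variableName;
        long index = 0;                  // loop phase = position, not token value

        Loop(String variableName) { this.variableName = variableName; }

        abstract long size();
        abstract String tokenAt(long i);

        boolean hasNext() { return index < size(); }
        String next() { return tokenAt(index++); }
    }

    // String loop: the subtype owns an explicit token list.
    static class StringLoop extends Loop {
        final List<String> tokens;

        StringLoop(String variableName, List<String> tokens) {
            super(variableName);
            this.tokens = List.copyOf(tokens);
        }
        long size() { return tokens.size(); }
        String tokenAt(long i) { return tokens.get((int) i); }
    }

    // Integer loop: only start, end and step are stored. No set of integers is
    // materialised, and the step exists only in this subtype.
    static class IntegerLoop extends Loop {
        final int start, end, step;

        IntegerLoop(String variableName, int start, int end, int step) {
            super(variableName);
            // A zero or negative step would never reach the end value.
            if (step <= 0) throw new IllegalArgumentException("step must be > 0");
            this.start = start;
            this.end = end;
            this.step = step;
        }
        // Assumption: the end value is exclusive.
        long size() { return end <= start ? 0 : ((long) end - start + step - 1) / step; }
        String tokenAt(long i) { return Long.toString(start + i * step); }
        String state() { return "start=" + start + " current=" + tokenAt(index) + " end=" + end; }
    }

    // Minimal runner: binds the current token to the loop's variable name and runs
    // the body, so the loop itself needs no reference to a script or a runner.
    static long run(Loop loop, Map<String, String> vars, Runnable body) {
        long iterations = 0;
        while (loop.hasNext()) {
            vars.put(loop.variableName, loop.next());
            body.run();
            iterations++;
        }
        return iterations;
    }

    public static void main(String[] args) {
        Map<String, String> vars = new LinkedHashMap<>();

        // FOR token IN [1,2,3,5,6,4,8,9], represented as a loop over Strings.
        Loop tokens = new StringLoop("token", List.of("1", "2", "3", "5", "6", "4", "8", "9"));
        long n = run(tokens, vars, () -> System.out.println("token = " + vars.get("token")));
        System.out.println("string loop iterations: " + n);

        // FOR i FROM 0 TO 10000000, advanced by five steps.
        IntegerLoop big = new IntegerLoop("i", 0, 10000000, 1);
        for (int k = 0; k < 5; k++) big.next();
        System.out.println("integer loop size:  " + big.size());
        System.out.println("integer loop state: " + big.state());

        try {
            new IntegerLoop("i", 0, 10, 0);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```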
<div>
After these changes I also worked on the Loop UI, changing the previous dialogs. Here are some snapshots:</div>
<div>
<br /></div>
<div style="text-align: center;">
This is the dialog for String Loops:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0QHZj9LJ-MhCf9dFei3qRUOjJxkPNsSPsD2zYB0aoaae9lq6dP2iPuO4HcyBgk8TpZe6sYEmUphaaiK6fwzp8Dlegj5xeicnf6XoTEEGNpaS1m56uc1u89lwaWHfop2RR3DOUIVpB6994/s1600/Selection_027.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0QHZj9LJ-MhCf9dFei3qRUOjJxkPNsSPsD2zYB0aoaae9lq6dP2iPuO4HcyBgk8TpZe6sYEmUphaaiK6fwzp8Dlegj5xeicnf6XoTEEGNpaS1m56uc1u89lwaWHfop2RR3DOUIVpB6994/s400/Selection_027.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
This is the dialog for Integer Loops:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4RUf4IFbfEqJyKgMOLGnZUBks3ncABaQcBrUJIaj2RghqWXN7GknSwHfVWK_PohpNYr4Dt9O3JstToGrsEgmRnpqajdNTd5ymTUxOexyiXdN3NQ_80OyIVm5eHv72V8cYRnwCyvaObgq-/s1600/Selection_028.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4RUf4IFbfEqJyKgMOLGnZUBks3ncABaQcBrUJIaj2RghqWXN7GknSwHfVWK_PohpNYr4Dt9O3JstToGrsEgmRnpqajdNTd5ymTUxOexyiXdN3NQ_80OyIVm5eHv72V8cYRnwCyvaObgq-/s400/Selection_028.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
This is the dialog for File (only fuzzer files):</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiswOaDcX0POrFneLzU0tL-2LuuPnESOcrVbQkxsApD8if1CDjCSNxLQJY5JZ05S7Z1ah2uEb5qnSCSoKWRFp99yEkQgEsPTwlPaswEbQQX5XjjVovsRZpDIqc_1rF4PqzPFxu1BhuBPq9s/s1600/Selection_029.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiswOaDcX0POrFneLzU0tL-2LuuPnESOcrVbQkxsApD8if1CDjCSNxLQJY5JZ05S7Z1ah2uEb5qnSCSoKWRFp99yEkQgEsPTwlPaswEbQQX5XjjVovsRZpDIqc_1rF4PqzPFxu1BhuBPq9s/s400/Selection_029.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
These interfaces are much easier.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
As you can see, I inserted a new field: "Variable Name". This is a change I had to make to loops because it helps a lot in the usage of the tokens inside the loops.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This week I planned to clear the code and make a, hopefully, definitive push for Loops. </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
<br /></div>
<h2>Week 10 - Graphic User Interface (2013-08-09)</h2>
This week I started working on the GUI for Zest.<br />
I started with the UI for Loops, since they should be much easier than the Complex Conditionals.<br />
<br />
Here are some simple snapshots (click on the image to zoom):<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops1.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="195" src="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops2.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="194" src="https://dl.dropboxusercontent.com/u/5100168/loopsUI/loops3.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: justify;">
The images above show how the user can create loops graphically (in the example, loops through values stored in a file).</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
After this simple realization, I started developing another feature: "Surround with..". This feature allows users to add some statements, select them, and surround them with a Loop!</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
This week I've implemented these two features.</div>
<br />
Two things are missing now:<br />
<div class="separator" style="clear: both; text-align: justify;">
</div>
<ol>
<li>allowing the user to load fuzzer files for loops;</li>
<li>Complex conditionals UI.</li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<h2>Week 9 - ZestLoop development &amp; Pull Request (2013-08-02)</h2>
This week I continued on ZestLoop, as the realization required much more time than I expected.<br /><br />This required so much time because of a wrong interpretation of the requirements.<br />
Differences in the code are:<br />
<br />
<ul>
<li>elimination of the ZestLoopToken;</li>
<li>change of the inheritance;</li>
<li>the creation of the ZestLoopFile;</li>
<li>the creation of a different type of TokenSet for integers (to allow loops as follows: <i>FOR i FROM 0 TO 1000</i>);</li>
<li>some other minor stuff.</li>
</ul>
<div>
After this merge, I'll start working on the UI for ZAP.</div>
<h2>Week 8 - ZestLoops development and improvements (2013-07-27)</h2>
8th week over... This week I continued on the development of ZestLoops. Unfortunately some problems with serialization/deserialization with gson forced me to edit the previous code, and to differentiate loops between String and Integer values.<br />This change also allows a better representation of Loops based on Integer values (i.e. in the form "<i>FOR i FROM 0 TO 10000000</i>"): in fact, the previous code consisted of the creation of a set of integers between 0 and <i>10000000</i> (wasteful).<br />
The new design splits the representation of Loops based on Strings (which uses more or less the previous code) and the one based on Integers; this second type only persists the State of the loop, i.e. the start value, the current value and the final one (in the example above, at step 5, only the values 0,5 and 10000000 are persisted).<br />
<br />
This representation was discarded in the previous Loop code, because it didn't allow loops of the form "<i>FOR token IN [1,2,3,5,6,4,8,9]</i>". After a chat with the mentor, we decided to represent this last type of loop as a ZestLoop based on String instead of Integers. The main reason for this decision is the following: such a loop type could be used only if a user wants to take the value and put it inside the request/response. For this reason it is reasonable to interpret these values as Strings.<br />
<br />
This week I also performed some tests on the previous code. Tests seem to work and also passed after the changes made!<br /><br />I hope to be able to push the definitive code in a few days!<br />
<br />
<h2>Week 7 - ZestComplexConditional &amp; ZestLoop (2013-07-18)</h2>
7th week is over. First official commit done!<br /><a href="https://github.com/mozilla/zest/blob/master/src/org/mozilla/zest/core/v1/ZestStructuredExpression.java">Here</a> is the code :)<br />
<br />
ZestStructuredConditional manages Structured conditionals.<br />
<h4>
How does it work?</h4>
<div>
The main idea was to create a load of expression types (based on REGEX, status code, URL, ...). Each ZestElement which needs to evaluate a list of expressions builds a StructuredExpression (which is an AND/OR of a list of other expressions). The mechanism is very simple: once the StructuredExpression has been built, the evaluation calls the method evaluate for each sub-expression. In this way an Expression Tree is built, and the evaluation mechanism works by recursively calling the evaluation down to each leaf; each internal node, which is an AND/OR expression, collects all the results of its children and computes an AND/OR of the booleans received from them; the root then returns the value of the whole expression.<br /><br />All tests of this work can be found in the official <a href="https://github.com/mozilla/zest/tree/master/test/org/mozilla/zest/core/v1">repo</a>.</div>
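<div>
Added example (not part of the original post and not Zest's own code): a self-contained Java model of the evaluation described above, applied to the two checks from the "Intermediate Post" script (status 200 AND the login URL; response time &gt;10 ms OR &lt;100 ms). All type names are hypothetical, the sample exchanges are constructed, and rejecting an empty AND/OR node is an assumption made here so that an unfinished IF node cannot pass vacuously. Requires Java 16 or later for records.</div>

```java
import java.util.List;
import java.util.stream.Collectors;

// Added example, not Zest code. Every type name below is hypothetical.
public class ExpressionTreeDemo {

    // Constructed stand-in for what a script step knows about one request/response.
    record Exchange(String url, int statusCode, long responseTimeMs) {}

    interface Expr {
        boolean evaluate(Exchange x);
        String describe();           // text form of the tree, e.g. for a hover-over
    }

    // Leaves: each one tests a single property of the exchange.
    record StatusIs(int code) implements Expr {
        public boolean evaluate(Exchange x) { return x.statusCode() == code; }
        public String describe() { return "status == " + code; }
    }

    record UrlEquals(String url) implements Expr {
        public boolean evaluate(Exchange x) { return url.equals(x.url()); }
        public String describe() { return "url == " + url; }
    }

    record TimeGreaterThan(long ms) implements Expr {
        public boolean evaluate(Exchange x) { return x.responseTimeMs() > ms; }
        public String describe() { return "time > " + ms + " ms"; }
    }

    record TimeLessThan(long ms) implements Expr {
        public boolean evaluate(Exchange x) { return x.responseTimeMs() < ms; }
        public String describe() { return "time < " + ms + " ms"; }
    }

    // Internal node: an AND or an OR over a list of child expressions.
    record Structured(boolean isAnd, List<Expr> children) implements Expr {
        public boolean evaluate(Exchange x) {
            // Assumption: an empty node is rejected instead of evaluated. An AND over
            // zero children would otherwise be vacuously true and pass silently.
            if (children.isEmpty()) {
                throw new IllegalStateException("empty " + op() + " node");
            }
            // Collect every child's result first, then combine them.
            List<Boolean> results = children.stream()
                    .map(c -> c.evaluate(x))
                    .collect(Collectors.toList());
            return isAnd ? !results.contains(false) : results.contains(true);
        }

        String op() { return isAnd ? "AND" : "OR"; }

        public String describe() {
            return children.stream()
                    .map(Expr::describe)
                    .collect(Collectors.joining(" " + op() + " ", "(", ")"));
        }
    }

    static Expr and(Expr... c) { return new Structured(true, List.of(c)); }
    static Expr or(Expr... c) { return new Structured(false, List.of(c)); }

    public static void main(String[] args) {
        String login = "http://localhost:8080/bodgeit/login.jsp";
        Expr first = and(new StatusIs(200), new UrlEquals(login));
        Expr second = or(new TimeGreaterThan(10), new TimeLessThan(100));
        Expr nested = and(first, second);   // AND node with an AND and an OR as children

        Exchange ok = new Exchange(login, 200, 42);       // constructed sample
        Exchange error = new Exchange(login, 500, 42);    // constructed sample

        for (Exchange x : List.of(ok, error)) {
            System.out.println(x);
            for (Expr e : List.of(first, second, nested)) {
                System.out.println("  " + e.describe() + " -> " + e.evaluate(x));
            }
        }

        // An IF node whose expression has not been filled in yet.
        try {
            and().evaluate(ok);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```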
<div>
<br /></div>
<h4>
ZestLoop</h4>
<div>
The next task is a bit more tricky. Currently Zest does not allow the use of loops... I started developing this feature by creating a new class: ZestLoop. This class should represent a particular statement which is a container of other statements.<br />I created a first <a href="https://docs.google.com/document/d/1D9ZK3J-FJzkrHoosMiupfcsb6IVgoZv1k9m_l0okc8U/edit">draft</a> of the design and I started implementing how it should work. All the code I'm writing can be found in my <a href="https://github.com/seccoale/zest/tree/master/src/org/mozilla/zest/core/v1">repo</a>. </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
By the way, the current implementation is not really good. The biggest problem I found is that this does not separate the runner from the code: the current realization must have a reference to the whole Script and to the Runner. Loops are still in the design phase, so I plan to solve this issue next week and, maybe, to make another pull request. :)<br /><br />Here is a snapshot of the UML of the current implementation:</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeu_zyNcaAyr-x5rgM87qS3xMdH6nQ0H0YZlLQ9gXCZFIExRLFS3n8IrDSw5OmlgPJzZPodWM2jIf6QZVXbyWVAqJK7A6iqhC8U_6OHCKPaEB7LyG82_2cXjV_ckqDmxIFJPcU7JReqIxc/s1600/ZestLoop.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeu_zyNcaAyr-x5rgM87qS3xMdH6nQ0H0YZlLQ9gXCZFIExRLFS3n8IrDSw5OmlgPJzZPodWM2jIf6QZVXbyWVAqJK7A6iqhC8U_6OHCKPaEB7LyG82_2cXjV_ckqDmxIFJPcU7JReqIxc/s400/ZestLoop.jpg" width="270" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
<br /></div>
<h2>Week 6 - Editing Zest Complex Conditional (2013-07-12)</h2>
This is the sixth week: the exam session is about to finish. <br />
This week I worked on the code I wrote last week, following some comments and suggestions from the mentor.<br />
The most important points were:<br />
<ul>
<li>Creation of a new class: ZestStructuredExpression;</li>
<li>Modified inheritance of classes</li>
</ul>
<div>
The previous two points were to avoid code duplication for the ZestExpression[And,Or]. The current structure is the following:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://github.com/seccoale/zest/blob/master/src/uml/complex%20conditionals.png?raw=true" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="201" src="https://github.com/seccoale/zest/blob/master/src/uml/complex%20conditionals.png?raw=true" width="400" /></a></div>
<br /></div>
<div>
<ul>
<li>Developed the code of the method deepCopy for all the new classes.</li>
</ul>
<div>
Last week I didn't write this method.</div>
</div>
<div>
<ul>
<li>Made some structural changes (e.g. deleted the reference to the parent of a conditional, the name, ...).</li>
</ul>
<div>
Next week is reserved for tests and, maybe, I'll try to integrate it at the ZAP side.</div>
</div>
<h2>Week 5 - ZAProxy &amp; Zest Complex Conditional (2013-07-05)</h2>
During the 5th week I found a bug in what I developed last week. I started trying to solve the issue, but after some time spent on that problem, the mentor and I decided to start developing on the Zest side: Complex Conditional.<br />
<br />
Ref: <a href="https://docs.google.com/document/d/1oAx26AU5gs4WKVXeI1pQF-sC-B9CiVXd7R3PDz7Sikw/edit#heading=h.xgiwfxe7dwpf">https://docs.google.com/document/d/1oAx26AU5gs4WKVXeI1pQF-sC-B9CiVXd7R3PDz7Sikw/edit#heading=h.xgiwfxe7dwpf</a><br />
<br />
The structure I came up with is this:<br />
<br />
<br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: white; color: #222222; font-family: Arial; font-size: 13px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">ZestConditional</span></b></div>
</li>
</ul>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; font-weight: normal; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.275; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">ZestBooleanAnd</span></b></div>
</li>
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.275; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">ZestBooleanOr</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: square; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.275; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">ZestExpressionRegex (regex exp1)</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: square; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.275; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">ZestExpressionRegex (regex exp2)</span></b></div>
</li>
</ul>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.275; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">ZestBooleanStatusCode (200)</span></b></div>
</li>
</ul>
<li dir="ltr" style="list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44" style="font-family: Arial; font-size: 15px; font-weight: normal; line-height: 1.275;"><span style="background-color: white; color: #222222; font-size: 13px; vertical-align: baseline; white-space: pre-wrap;">List <ZestStatement> ifStatements etc...</span></b><br />
Going more inside, I designed the following internal structure for each class/interface:</div>
</li>
</ul>
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">abstract class ZestExpression extends ZestElement implements ZestConditionalElement:</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">List<ZestConditionalElement> children;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">boolean not;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">ZestConditionalElement parent;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">String name;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">static int counter; // for the default name</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">abstract boolean evaluate;</span></b></div>
</li>
</ul>
</ul>
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">class ZestConditional extends ZestStatement implements ZestContainer, ZestConditionalElement:</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">List<ZestConditionalElement> children;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">List<ZestStatement> ifStatement;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">List<ZestStatement> elseStatement;</span></b></div>
</li>
</ul>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">class ZestBoolean[And,Or] extends ZestExpression implements ZestConditionalElement:</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">ZestConditionalElement parent;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">List<ZestConditionalElement> children;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">boolean evaluate();</span></b></div>
</li>
</ul>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">interface ZestConditionalElement extends ZestContainer</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">getIndex(); //return the index of the statement;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">getChildren();// returns the children;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">isLeaf();//true if it has no children;</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">isRoot();// if it is the root of the Conditional Tree</span></b></div>
</li>
<li dir="ltr" style="font-family: Arial; font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="vertical-align: baseline; white-space: pre-wrap;">evaluate();// evaluate the whole condition.
</span></b></div>
</li>
</ul>
</ul>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><br /><span style="font-family: Arial; font-size: 15px; font-weight: normal; vertical-align: baseline; white-space: pre-wrap;"></span></b>
<br />
<div dir="ltr" style="font-weight: normal; line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">The structure above has been implemented and the javadoc is done, and this is a basic UML:</span></b></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">
</b>
<div class="separator" style="clear: both; font-weight: normal; text-align: center;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"></b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgQwoFmgwszZhKJ0-VNtvU2MLNcGmGn69YJYBTjKelpWabIqxogt5hTSdMgtwuDv05p5mx7haXNEsdfsGu4bfXtjgKi854ZziRv0S9eviqG7Gv2jJsMqcYDkM5aGVB8M013RJU2ljfIVfz/s1600/ZestComplexConditionals.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgQwoFmgwszZhKJ0-VNtvU2MLNcGmGn69YJYBTjKelpWabIqxogt5hTSdMgtwuDv05p5mx7haXNEsdfsGu4bfXtjgKi854ZziRv0S9eviqG7Gv2jJsMqcYDkM5aGVB8M013RJU2ljfIVfz/s400/ZestComplexConditionals.png" width="400" /></a></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">
<div dir="ltr" style="font-weight: normal; line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="font-weight: normal; line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
</b><br />
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline;">And here you can find my fork of the Zest repo (with the structure developed):<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">
<a href="https://github.com/Vankar/zest" style="color: #1155cc; font-family: Arial; font-size: 15px; font-weight: normal; line-height: 1.15; text-decoration: none; white-space: pre-wrap;">https://github.com/Vankar/zest</a></b></span><b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><span style="font-family: Arial; font-size: 15px; font-weight: normal; line-height: 1.15; vertical-align: baseline; white-space: pre-wrap;"></span></b></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"></b><br />
<div style="font-weight: normal;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><br /></b></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">
</b>
<div style="font-weight: normal;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">Some tests have started (very basic and not checked in).</b><br />
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><br /></b>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><i>Note the assumption: </i><b id="docs-internal-guid-1923fe00-af9e-68fe-0d63-08d94ffe33ea" style="font-weight: normal;"></b></b><br />
<div dir="ltr" style="display: inline !important; line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><b id="docs-internal-guid-1923fe00-af9e-68fe-0d63-08d94ffe33ea" style="font-weight: normal;"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">2 Expressions of the same class can have the same name!</span></b></b></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44"><b id="docs-internal-guid-1923fe00-af9e-68fe-0d63-08d94ffe33ea" style="font-weight: normal;">
</b></b></div>
<b id="docs-internal-guid-1923fe00-af9d-0481-1589-4a845afd6d44">
<div style="font-weight: normal;">
<b style="font-weight: normal;"></b><br />
<div dir="ltr" style="display: inline !important; line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b style="font-weight: normal;"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">
Any comment, tip or advice on the Structure of the Complex Conditional is gratefully welcome :)</span></b></div>
<b style="font-weight: normal;">
</b></div>
</b><br />
<b>Week 4 - Filters and ProxyScript</b> (posted 2013-06-27)<br />
This week I tried to manage exams and coding as well as I could... and I think I had nice results :D<br />
<br />
The goals of the week are the following:<br />
<br />
<ol>
<li>Deeper understanding of the code;</li>
<li>First snippets of coding which can be used:</li>
<ol>
<li>Filters & Containers;</li>
<li>UI.</li>
</ol>
</ol>
<div>
Going deeper into the details:</div>
<div>
I understood and learned (more or less) how ZAProxy is built (restricted to those classes I worked with). Above all I understood how modular the architecture of the program is, and I improved my knowledge of the modules I needed.<br />
<br />
Then I continued playing with the code, trying to make something useful for the project: I started both from Zest and ZAP side:</div>
<h4>
Zest side:</h4>
<div>
I improved the design and I created the main interfaces and abstract classes (and some implementations) for replacing the current ZAP Filters.<br />
A more detailed description can be found <a href="https://docs.google.com/document/d/1KCdNCaJgE_09xrcGacOcXwVfQsupA49PBab78iMDnVY/edit" target="_blank">here</a><br />
<br />
<h4>
ZAP side:</h4>
</div>
<div>
I worked on the UI. At first I misunderstood the requirements and created this:<br />
<b id="docs-internal-guid-1923fe00-86c6-2f04-6d4e-7450ce0ef153" style="font-weight: normal;"><img height="289" src="https://lh4.googleusercontent.com/bNM5QM2HI9ReKf_p0w3SEnMLFIUjmtFk1rIs9BEhb34VyB34P2hfPHfw4gFMXpLs9qQwaTCtTd_4j-mKsNqi9NrlYvNlvuOueJ-qdIRv_-pP69-wEDKRRprhkw" width="400" /></b></div>
<div>
<b style="font-weight: normal;">(at least I learned how to create entries on the right click menu using ZAP classes :D ).</b> <b><span style="font-weight: normal;">And I started creating a Dialog to manage the filters.</span></b></div>
<div>
<b style="font-weight: normal;"><br />Then I replaced it with the correct UI:</b></div>
<div>
<b id="docs-internal-guid-1923fe00-86c8-6139-563d-f775d5dbf037"><span style="font-weight: normal;"><img height="290" src="https://lh3.googleusercontent.com/S1ppzA8iEgdUaAuQ0T5EV3en1XufFdmHzgkeFaQw4accxhDcX6rTBInUl7CKCnufnUuz3I4xnddFukcc5wreTH0I_VwgbtuW2X8tQVoaigK2Mg0bsmVu81gsjg" width="400" /></span><br /><span style="font-weight: normal;">(new icons </span></b><b id="docs-internal-guid-1923fe00-86c8-6139-563d-f775d5dbf037"><span style="font-weight: normal;">needed</span></b><b><span style="font-weight: normal;">!!!)</span></b></div>
<div>
<b><br /><span style="font-weight: normal;">Unfortunately the exam period won't finish until the 20th of July; after that I do hope to increase </span></b>substantially<b id="docs-internal-guid-1923fe00-86c8-6139-563d-f775d5dbf037"><span style="font-weight: normal;"> my speed on coding!!</span></b></div>
<b>Week 3 - ZAP Filters & Zest Scripts</b> (posted 2013-06-20)<br />
<i>Because of a couple of exams this week, I had to slow down a bit.</i><br />
<br />
This week I concentrated on the design of something which could replace current ZAP Filters with Zest Scripts.<br />
The goals of this week were to design such interfaces and to give some feedback on the usage of Zest.<br />
<br />
Both the design and the example of usage for Zest can be found at this <a href="https://docs.google.com/document/d/1KCdNCaJgE_09xrcGacOcXwVfQsupA49PBab78iMDnVY/edit#" target="_blank">link</a>, while the developed code can be found on my <a href="https://bitbucket.org/vankar/dinamically-configurable-actions" target="_blank">repo</a> (only a few lines :( but I hope they are well documented and well designed :D ).<br /><br /><i>[UPDATE July 21st]</i> After a chat with the mentor, we fully designed the complete add-on. I also started with the integration of the Zap Filter replacement.<br />
<b>Week 2 - "learn by play"</b> (posted 2013-06-13)<br />
This is the second week of GSoC. I started the paradigm "learn by play"!<br /><br />This is the progress so far:<br />
<br />
<ul>
<li>Started playing with the code of both ZAP and Zest;</li>
<li>Started the design phase about the replacing of current Filters.</li>
<li>Started writing some sample extensions for ZAP (which substantially do nothing);</li>
<li>Gained a better knowledge of Zest, with some lack of the language;</li>
<li>Understood better the steps I have to follow for the integration.</li>
</ul>
<div>
Nothing useful has been implemented yet, but I played a lot with the current code, and:</div>
<div>
<ul>
<li>I improved my knowledge a lot. </li>
<li>I am much more aware of the next steps!</li>
<li>I had fun ;)</li>
</ul>
</div>
<b>First Week</b> (posted 2013-06-06)<br />
This is my first week of GSoC, and we are still in the Community Bonding period.<br /><br />This week I started looking deep inside the code and, after a chat with the mentor, we figured out the first development phase.<br />
<br />
<h3>
Replacing ZAP filters with ZEST</h3>
<div>
Filters in ZAP are not used much because of their lack of flexibility. The idea is to replace them completely with Zest.<br />The design phase has started.</div>
<div>
<br /></div>
<h3>
Goals achieved</h3>
<div>
<b>About the Community Bonding Period:</b></div>
<div>
<ul>
<li>I started reading documentation;</li>
<li>Chatted in the IRC channel;</li>
<li>Chatted with the mentor for more details and tips for a boost in first stage;</li>
</ul>
<b>Outside the Community Bonding Period:</b><br /><ul>
<li>First usecase for zest found: filters;</li>
<li>Postponed the complex conditionals development inside zest;</li>
<li>Better knowledge of ZAP and Zest code.</li>
</ul>
</div>
<b>Accepted project: Dynamically Configurable actions add on</b> (posted 2013-05-28)<br />
<b>Short description:</b> A plugin for OWASP Zed Attack Proxy will be developed to let users create and run Mozilla ZEST scripts through an interface that is as easy to use as possible.<br /><b><br /></b><div>
<b>Additional info: </b>https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_ZAP:_Dynamically_Configurable_actions<br /><br /><b><span style="font-size: x-large;"> Introduction</span></b><br /><br />ZAP provides various mechanisms which allow HTTP requests and responses to be changed dynamically. So (for example) a string in an HTTP request can automatically be changed to another string.<br /><br />It also supports a scripting interface, which is very powerful but at the moment difficult to use.<br /><br />This project would introduce something in between these 2 options - a powerful way of defining (potentially) complex rules using a wizard based interface.<br /><br />The challenge will be to make it as usable as possible while still providing a wide range of functionality.<br /><br />Zest is a specialized scripting language developed by the Mozilla security team and is intended to be used in web orientated security tools. A Zest add-on for ZAP already exists, but it is in a very early stage, and lets the user create only very simple scripts.<br /><br />This proposal will enable the user to create longer and more complex Zest scripts, introducing new structures such as Complex Conditionals, Asserts and an easy and intuitive GUI, providing a wide range of functionality. </div>
<div>
<br /><b><span style="font-size: large;"> Project Goals:</span></b><br /><br />After discussing the idea with the mentor, I had set the following goals: <br /><ul>
<li>Create full documentation (both wiki and javadoc) for the current implementation of Zest and its add-on for ZAP: </li>
<li>the current implementation of Zest contains no javadoc, and I think that, even if the code is quite simple to read, full documentation for future implementations and extensions is recommended; </li>
<li>Improve Zest (Complex Conditionals, Assertions, ...) </li>
<li>Find some good integration points and create a standard and extensible interface that can be easily reused to add new integration points (maybe introducing hooks like ActionHooks for extensions); </li>
<li>Create some Zest examples regarding the integration points found; </li>
<li>Create an intuitive GUI for a simple creation of the Zest scripts, keeping in mind that: </li>
<ul>
<li>the creation must be as simple as possible; </li>
<li>the GUI must guarantee a wide range of functionality to the Zest script; </li>
</ul>
<li>Create all the documentation needed for a user with no experience in vulnerabilities and attacks to let him create a Zest script. </li>
</ul>
All the work must observe these requirements: <br /><ul>
<li>The code must be: </li>
<li>Clean and easy to follow; </li>
<li>Include a full set of unit tests; </li>
<li>Include good and full documentation. </li>
</ul>
<div>
<br /><b><span style="font-size: x-large;"> Work and implementation</span></b><br />In this section I will describe the work in more detail. Please look at the timeline to see how I plan to split the work, and do not rely on the order of the points in this section.<br /><br /><span style="font-size: large;"><b>Documentation of the existing code</b></span><br />The first step is the creation of the whole documentation for Zest. Then the wiki will be completed with the missing pages in the zest-core section.<br /><br /><span style="font-size: large;"><b>Design (detailed specs) & creation of usecases</b></span><br />The second step consists of a design phase, in order to write down a simple and extensible interface for the creation of Zest scripts.<br /><br />This design phase must be combined with some examples of usage, which will be considered as possible integration points for the add-on. By the way, the idea is to guarantee the usage of the add-on for the examples above, but it must be more flexible, in order to let users create their own use cases (in the future other extensions and integrations have to be developed easily).<br /><br /><b>Some use cases are the following:</b><br /><ul>
<li>Suppose there is a wizard with 3 steps (each of which has a different anti-CSRF token), and the user wants to test a parameter in the last step, and he has to pass through the first two steps; </li>
<li>Suppose that a web application detects an attack and logs the user out; the user will be able to detect this with a Zest script and reauthenticate in a very easy way; </li>
<li>Suppose a user wants to edit the requests manually (or run a script) when a given condition happens: he will simply set the conditional in the Zest script and put a break point; </li>
<li>Suppose a user wants to test a set of strings which can cause injection: he will simply set up the Zest script changing the requests in order to test the strings and set a break point when an injection occurs. </li>
</ul>
Other scenarios will be added during this phase.<br /><br /><b><span style="font-size: large;">Implementation</span></b><br />This part includes the following stages:<br /><ol>
<li>Improve the existing zest code: </li>
<ol>
<li>construction of Complex Conditions, collecting simple conditions (regex, status code, response time ones). More details about the implementation of this feature can be found here: <a href="https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg">https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg</a>; </li>
<li>managing break points (suspension of the script until an event occurs); </li>
<li>managing scripts (suspension of the zest script, run of another script specified by user, resume of the zest script); </li>
</ol>
<li>Creating/improving the ZAP add on. </li>
</ol>
<b>The GUI</b><br />The current version of the Zest add-on offers a very unstructured way to add the requests/responses to the Zest script, but the creation of IF/THEN/ELSE statements and the configuration of the actions is quite difficult. By the way, the usage of a wizard to set up the action could be too structured for the user.<br /><br />In the following lines I'll show you some extracts of the final GUI.<br /><br />First, this is a snapshot of the current perspective:<br /><br /><img src="https://dl.dropboxusercontent.com/u/5100168/OWASP/zest%20scripts.png" /><br /><br />In the current perspective the user is able to add IF/THEN/ELSE clauses and to modify the parameters of the requests.<br /><br />This is the current perspective for manipulating requests: <br /><br /><img src="https://dl.dropboxusercontent.com/u/5100168/OWASP/request.png" /><br /><br />It is a bit difficult to use: now we have only two parameters, but suppose we have a much longer body. It is quite difficult to manage it.<br /><br /><img src="https://dl.dropboxusercontent.com/u/5100168/OWASP/proposal_request.png" /><br /><br />This second image represents a simpler way to edit requests and responses: the user should only edit the “editable” strings in the TextField.<br /><br />With a right click the user is allowed to add new fields and remove fields; the add-on will then create the complete body of the request.<br /><br />This perspective also gives the user the opportunity to mark some parts of the editable fields. 
These marked parts can then be changed with some other values (for example a list of Strings given by the user through a text file) or can be stored in a token in order to be used again later in the script.<br /><br />The following image shows the current way to add a conditional.<br /><br /><img src="https://dl.dropboxusercontent.com/u/5100168/OWASP/condition.png" /><br /><br />To put some action inside the IF clause, the user has to right click on the IF, and decide to add a new action or condition.<br /><br />The current perspective does not allow users to create more complex conditions: the usage of AND, OR, NOT clauses is not allowed here.<br /><br />The final GUI will let the user write conditionals using a textField such as the following:<br /><br /><img src="https://dl.dropboxusercontent.com/u/5100168/OWASP/complexCondition.png" /><br /><br />Let's call "condRegex1", "condResponseTime" and "conditionStatusCode" simple conditionals. All the simple conditionals can either be defined in the text field or be defined through a name. Suppose for example we want to define condRegex on the body of the request as follows:<br /><br /><i>"\Q<script>alert(1);</script>\E"</i><br /><br />The application will then associate univocally condRegex1 and "\Q<script>alert(1);</script>\E".<br /><br />The user will see a label containing the full declaration of the simple condition when putting the cursor on it, and he will be able to edit the condition with a double click on the name of the simple condition.<br /><br />The application will then parse the text field, creating the full Conditional with a BuilderPattern. 
<br /><br />In this case, the creation of the simple criteria remains more or less the same as in the current version.<br /><br />You can see a better description with a graphical perspective: <a href="https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg">https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg</a><br /><br />and here you can download a little demo of the front end of this part:<br /><br /><a href="https://dl.dropboxusercontent.com/u/5100168/OWASP/prototype.jar">https://dl.dropboxusercontent.com/u/5100168/OWASP/prototype.jar</a><br /><br />The Repository is at this link:<br /><br /><a href="https://bitbucket.org/vankar/zest-complex-conditional">https://bitbucket.org/vankar/zest-complex-conditional</a><br /><br />The case of the break points can be managed with a pop up which appears when the correct condition occurs. The popup is structured into tabs, and lets the user perform all the actions he needs to. The Zest script resumes once the user presses apply or ok in the pop up. </div>
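The text-field parsing described above, combined with the AND/OR tree shape from the Week 5 post, as an added Java sketch that is not Zest or ZAP code: it parses an expression over named simple conditions into a tree, evaluates it against a constructed response, and rejects malformed input. The class names, the grammar, the 1000 ms threshold and the sample responses are assumptions; only the three condition names and the regex come from the proposal.

```java
import java.util.*;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.regex.Pattern;

// Added sketch (Java 16+), not Zest code: every class name here is a simplified stand-in.
public class ComplexConditionalDemo {
    /** Constructed stand-in for the response a condition is evaluated against. */
    record Response(int status, long timeMs, String body) {}

    /** Tree node; the 'not' flag inverts the node's own result. */
    static abstract class Expr {
        boolean not;
        abstract boolean test(Response r);
        final boolean evaluate(Response r) { return not != test(r); }
    }
    /** Shared base for AND/OR so child handling is written once. */
    static abstract class Structured extends Expr {
        final List<Expr> children = new ArrayList<>();
    }
    static class And extends Structured {
        boolean test(Response r) { return children.stream().allMatch(c -> c.evaluate(r)); }
    }
    static class Or extends Structured {
        boolean test(Response r) { return children.stream().anyMatch(c -> c.evaluate(r)); }
    }
    /** Simple condition: a single check on the response. */
    static class Leaf extends Expr {
        final Predicate<Response> check;
        Leaf(Predicate<Response> check) { this.check = check; }
        boolean test(Response r) { return check.test(r); }
    }
    static Expr regex(String re) { Pattern p = Pattern.compile(re); return new Leaf(r -> p.matcher(r.body()).find()); }
    static Expr status(int code) { return new Leaf(r -> r.status() == code); }
    static Expr slowerThan(long ms) { return new Leaf(r -> r.timeMs() > ms); }

    /** Recursive-descent parser for the text field. Assumed grammar:
     *  or := and ("OR" and)* ; and := unary ("AND" unary)* ; unary := "NOT" unary | "(" or ")" | NAME */
    static class Parser {
        private final String[] tokens;
        private final Map<String, Supplier<Expr>> named;
        private int pos;
        Parser(String text, Map<String, Supplier<Expr>> named) {
            this.tokens = text.replace("(", " ( ").replace(")", " ) ").trim().split("\\s+");
            this.named = named;
        }
        Expr parse() {
            Expr root = or();
            if (pos != tokens.length) throw new IllegalArgumentException("unexpected token: " + tokens[pos]);
            return root;
        }
        private boolean peek(String t) { return pos < tokens.length && tokens[pos].equals(t); }
        private boolean accept(String t) { if (peek(t)) { pos++; return true; } return false; }
        // One structured node per run of the same operator; a lone operand is returned as-is.
        private Expr chain(String op, Structured node, Supplier<Expr> operand) {
            Expr first = operand.get();
            if (!peek(op)) return first;
            node.children.add(first);
            while (accept(op)) node.children.add(operand.get());
            return node;
        }
        private Expr or() { return chain("OR", new Or(), this::and); }
        private Expr and() { return chain("AND", new And(), this::unary); }
        private Expr unary() {
            if (accept("NOT")) { Expr e = unary(); e.not = !e.not; return e; }
            if (accept("(")) {
                Expr e = or();
                if (!accept(")")) throw new IllegalArgumentException("missing ')'");
                return e;
            }
            String name = pos < tokens.length ? tokens[pos++] : "<end of input>";
            Supplier<Expr> factory = named.get(name);
            if (factory == null) throw new IllegalArgumentException("unknown condition: " + name);
            return factory.get(); // fresh node per reference, so a NOT never leaks between uses
        }
    }

    public static void main(String[] args) {
        Map<String, Supplier<Expr>> named = new HashMap<>();
        named.put("condRegex1", () -> regex("\\Q<script>alert(1);</script>\\E"));
        named.put("condResponseTime", () -> slowerThan(1000)); // threshold is an assumption
        named.put("conditionStatusCode", () -> status(200));
        Expr cond = new Parser("conditionStatusCode AND (condRegex1 OR condResponseTime)", named).parse();
        Response reflected = new Response(200, 40, "<p><script>alert(1);</script></p>"); // constructed
        Response clean = new Response(200, 40, "<p>hello</p>"); // constructed
        System.out.println("reflected: " + cond.evaluate(reflected) + ", clean: " + cond.evaluate(clean));
        try { // malformed user input must be rejected, not turned into a partial tree
            new Parser("condRegex1 AND (conditionStatusCode", named).parse();
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Each name resolves to a new node on every reference, which keeps a NOT applied to one occurrence of a condition from changing another occurrence of the same name.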
<div>
<br /><b><span style="font-size: x-large;"> Timeline</span></b><br />The project essentially has these deliverables:<br /><br /><ul>
<li>design; </li>
<li>develop; </li>
<li>documentation; </li>
<li>test. </li>
</ul>
<br />The main idea is to loop between these 4 steps:<br /><ol>
<li>first, design a new use case of ZAP, defining an example of usage; </li>
<li>develop hooks and integration; </li>
<li>creation of the documentation about the code already developed; </li>
<li>test. </li>
</ol>
This timeline is very flexible and allows other phases to be added, for example a review phase, i.e. after people have had a chance to play with the code.<br /></div>
<div>
<b><span style="font-size: x-large;">About me</span></b><br /><br /><br /><b>Short bio / overview of your background: </b><br /><br /><br /><b>2011-current: </b><br /><br />M.S., University of Padua. Currently pursuing the M.S. in Computer Engineering. <br /><br /><br /><b>2008-2012: </b><br /><br />B.S., University of Padua, 93/110. Bachelor in Information Engineering<br /><br /><br /><b>M.S. exams:</b> <br /><br />Data Bases 26/30 <br /><br /><br />Computer Networks 30/30 cum laude <br /><br /><br />Parallel Computing 30/30 cum laude <br /><br /><br />Data Structures And Algorithms 2 30/30 <br /><br /><br />Strategic Enterprise Management 30/30 <br /><br /><br /><b>Current GPA: </b><br />29.2/30</div>
<div>
<br /><b><span style="font-size: large;">Coding Skills</span></b><br /><br /><b>What platform do you use to code?</b> Hardware specifications and operating system <br /><br />I always work under Linux. I often change distribution, but now I've installed Linux Sabayon (Gentoo-based & preferred one) and Ubuntu.<br /><br /><br /><b>Hardware:</b> Laptop Dell XPS 17: Specifications: <br />CPU: Intel i7-740 <br />RAM: 4GB DDR3 1.333 GHz <br />HDD: 500GB <br /><br /><br /><b>Did you ever code in C or C++/Perl/python/..., yes/no? what is your experience?</b> I have good experience with Java and C++ (Java is the one I know better). I also have experience with BASH, C, a little Python and some others.<br /><br />Here is a short description of the projects I collaborated on:<br /><br /><b><span style="font-size: large;">Bachelor Thesis</span></b><br /><b>Title</b><br />eLaw: automatic management of notarial deeds<br /><br /><b>Supervisor</b><br />Professor Enoch Peserico and Engineer Federica Bogo<br /><br /><b>Keywords</b><br />eLaw, automatic, management, notarial deeds<br /><br /><b>Description</b><br />This work consists of the description of the productive and working model of a new piece of software, whose aim is the automation of notarial deeds management. This document explains the usage of important information retrieved from a notarial deed and describes how this information is used in order to automatically fill in some forms under the ministerial directives. The software described here is an OpenOffice extension which is supposed to be a valid alternative to the current notarial software, simplifying and automating some of the notary's work. The pros of this work are the easy-to-use interface and the automation. 
Reading this work you'll also see how this application can be easily used in other contexts.<br /><br /><b><span style="font-size: large;">Experiences</span></b><br /><br />2011-current, University of Padua<br /><br /><b>"Web Quality Project"</b> I'm involved in the Web Quality Research Team. Our goal is to perform a complete crawl of the Italian web in order to test and compare different ranking algorithms. My role is to manage the crawl (hardware and software perspective) and to write an efficient extension of the Heritrix web crawler. Here I am making extensive use of Java and Bash; I'm also using the Spring framework to write the Heritrix extension, Tomcat and JSP.<br /><br /><br /><b>2012, ERASMUS-LLP (IP) Course “Secure WEB Applications: Best Practices for Protection & Development” Glamorgan University, Pontypridd</b><br />Intensive Program on the topic of Web Security and the best practices for Protecting & Development.<br /><br />2012, University of Padua<br /><b>DNA Assembly</b><br />I worked on a DNA Assembly project for my Parallel Computation exam. My role was to create and to study the efficiency of the parallelization related to the extraction and the filtering of reads. Here I used C++ and POSIX threads.<br /><br /><br />2012, University of Padua<br /><b>Covering Firm Web Application</b><br />I collaborated on the creation of a web application for my Data Bases exam. The application had to manage orders, catalogue and warehouse for a covering organization. Here I used Java, the OpenOffice UNO library, Castor, JDOM, XML and DTD.<br /><br /><br />2011, University of Padua<br /><b>GPS for maemo</b><br />I collaborated on the creation of an application for a Nokia maemo-based n900 for the Embedded System exam. The goal of this app is to get data from GPS sensors and to plot this data on a 2D map. 
Here I used C++, Qt and the Maemo framework.<br /><br /><b>If you apply for a project on our ideas list, have you experience in the areas listed under "Desired knowledge"?</b><br />As you can read above, or on my web site, I have the experiences listed as Desired Knowledge.<br /> <br /><b><span style="font-size: large;"> Contact</span></b> <br /><b>Full Name:</b> Alessandro Secco<br /><br /><b>University / current enrollment:</b> University of Padua (Italy). M.S. in Computer Engineering.<br /><br /><b>Web site:</b> <a href="http://www.dei.unipd.it/~seccoale/">http://www.dei.unipd.it/~seccoale/</a> <br /><br /><b>mail:</b> seccoale@gmail.com<br /><b> References</b><br /> <br /><a href="https://www.owasp.org/index.php/GSoC_SAT">https://www.owasp.org/index.php/GSoC_SAT</a> <br /><a href="https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_ZAP:_Dynamically_Configurable_actions">https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_ZAP:_Dynamically_Configurable_actions</a> <br /><a href="http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/guifre/3006">http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/guifre/3006</a> <br /><a href="https://groups.google.com/forum/?fromgroups=#!topic/zaproxy-develop/TloQLHSJmdE">https://groups.google.com/forum/?fromgroups=#!topic/zaproxy-develop/TloQLHSJmdE</a> <br /><a href="https://developer.mozilla.org/en-US/docs/Zest">https://developer.mozilla.org/en-US/docs/Zest</a> <br /><a href="https://code.google.com/p/zap-extensions/wiki/AddOn_Zest">https://code.google.com/p/zap-extensions/wiki/AddOn_Zest</a> <br /><a href="https://github.com/mozilla/zest/wiki">https://github.com/mozilla/zest/wiki</a> <br /><a href="https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg">https://groups.google.com/forum/?fromgroups=#!topic/mozilla-zest/5Uhs67ogLkg</a> <br /><br /><br /><br /><br /><b> Any advice or comments would be gratefully welcome.</b></div>
</div>