Updated security guides, added to uncategorized

rezen · Oct 19, 2017 · bf61918 · bf61918
1 parent 06210e1
commit bf61918
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 3 deletions.
diff --git a/security-openvas.md b/security-openvas.md
@@ -42,6 +42,15 @@ omp --pretty-print --xml='<get_reports report_id="adb7dc80-f3e8-4231-9533-56bd45
 xmllint --xpath 'string(/get_reports_response/report)' report.xml  | head -n -16 |  base64 --decode > report.csv
 ```
 
+```python
+from __future__ import print_function
+import openvas
+manager = openvas.omplib.OMPClient(host=sensor)
+manager.open(username, password)
+print(manager.get_targets())
+```
+
+
 ## Links
 - https://github.com/mikesplain/openvas-docker
 - https://www.linuxquestions.org/questions/linux-networking-3/openvas-create-new-tasks-from-omp-4175511045/
@@ -54,4 +63,6 @@ xmllint --xpath 'string(/get_reports_response/report)' report.xml  | head -n -16
 - https://www.nopsec.com/blog/docker-based-openvas-scanning-cluster-improve-scope-scalability/
 - https://www.linode.com/docs/security/install-openvas-on-ubuntu-16-04
 - https://joedsweb.wordpress.com/2017/02/11/openvas-nagiosplugin/
-- https://www.coveros.com/automating-security-with-devops-it-can-work/
+- https://www.coveros.com/automating-security-with-devops-it-can-work/
+- http://docs.greenbone.net/API/OMP/omp-7.0.html
+- http://lists.wald.intevation.org/pipermail/openvas-devel/2010-August/002330.html
diff --git a/security-xss.md b/security-xss.md
@@ -5,4 +5,5 @@
 - https://excess-xss.com/
 - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
 - http://phpsecurity.readthedocs.io/en/latest/Cross-Site-Scripting-(XSS).html
-- https://gist.github.com/sseffa/11031135
+- https://gist.github.com/sseffa/11031135
+- http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
diff --git a/security-zap.md b/security-zap.md
@@ -4,6 +4,13 @@
 - https://zaproxy.blogspot.com/
 - https://github.com/zaproxy/zap-api-python/tree/master/src/examples
 - https://digi.ninja/blog/zap_fuzzing.php
+- https://www.slideshare.net/psiinon/owasp-2014-appseceu
+- https://www.youtube.com/watch?v=eH0RBI0nmww&list=PLEBitBW-Hlsv8cEIUntAO8st2UGhmrjUB
+- https://cyberarms.wordpress.com/2015/05/03/automatic-web-app-security-testing-with-owasp-zap/
+- https://digi.ninja/blog/zap_fuzzing.php
+- http://engineering-you.blogspot.com/2014/03/active-scan-scripts-for-zap-porxy.html
+- https://medium.com/@PrakhashS/dynamic-scanning-with-owasp-zap-for-identifying-security-threats-complete-guide-52b3643eee04
+- https://www.slideshare.net/psiinon/automating-owasp-zap-devcseccon-talk
 
 ```shell
 zap-cli quick-scan --help

diff --git a/uncategorized.md b/uncategorized.md
@@ -5,4 +5,12 @@
 - http://unixseclab.com/index.php/2017/01/09/ssh-start-to-finish-certificate-authority-basics/
 - https://charity.wtf/2017/05/11/the-engineer-manager-pendulum/
 - https://medium.com/quick-mobile/monitoring-containers-with-prometheus-ffde286c17f7#.rzw5y9by3
-- http://harish11g.blogspot.com/2014/08/amazon-cloudformation-templates-automation-Amazon-CFT-AWS-top-best-practices-tips.html
+- http://harish11g.blogspot.com/2014/08/amazon-cloudformation-templates-automation-Amazon-CFT-AWS-top-best-practices-tips.html
+
+
+```shell
+# trace system calls
+strace curl https://www.google.com |& grep open
+```
+
+https://www.rebootuser.com/