Re: Urgent Action Needed: OWASP Joomla Vulnerabilities Scanner Project - Currently In-Active


Claudia Casanovas

Feb 17, 2016, 1:52:09 PM
to owasp-joomla-vuln...@lists.owasp.org, Aung Khant, Bernard Toplak, owasp-project-reviews
Hello Project Leader of the Joomla Vulnerability Scanner:

I have a request from Bernard Toplak to continue the great work already done and restart the activities on the project.

We have recently done a Health Check on your project in accordance with the Project Process workflow.

We have the following findings: Last Update or Commit was done in May 2013, no recent releases and/or updates to the wiki page in January 2014.



Please let us know if you wish to collaborate with Bernard or to transfer the project to him using the Project Transition Form.

Project Transition Form - needs to be filled out in order to proceed.


Brief Overview of Bernard Toplak's experience and expertise:
Bernard Toplak, OWASP member and Joomla volunteer from Croatia. I'm a member of official Joomla! Vulnerable Extensions List (VEL - http://vel.joomla.org ), and an author of JAMSS script (http://forum.joomla.org/viewtopic.php?f=714&t=778692)

I am contacting you on the subject of your project "*OWASP Joomla Vulnerability Scanner Project*". I have noticed this project wasn't updated or maintained for almost over 3 years now. Do you still have plans to work on it, and its updates?

Let me tell you why I am asking. With over 10 years of administrating my company's hosting servers, and actively working as a PHP developer and recently PHP educator - I gathered a lot of real-life experience in identifying, cleaning and preventing vulnerabilities in a lot of PHP applications. So I have decided it would be interesting to try to gather all my scripts developed over the years, and build an OWASP project for scanning Joomla installations both - remotely, and locally. Project should be built in a flexible modular way, so it could be also extended to support other CMS-es too. Language of the tool would be, naturally, PHP.


Thank you in advance for your time.

Claudia Aviles Casanovas
Project Coordinator



On Wed, Feb 17, 2016 at 8:56 AM, Bernard Toplak <ber...@toplak.info> wrote:
Hello Claudia and others,

I would like to share with all of you my offer to help on this project, or take over the maintenance and future version development if current project leaders don't have the time for it anymore. I have sent this offer for contribution/help to Mr. Aung Khant end of July 2015, and got two responses from Mr. Jack <io...@yehg.net>, and after that got no further responses or instructions how to proceed. I guess they are just busy.
So let me repeat my offer for contribution/help below.

My name is Bernard Toplak, OWASP member and Joomla volunteer from Croatia. I'm a member of official Joomla! Vulnerable Extensions List (VEL - http://vel.joomla.org ), and an author of JAMSS script (http://forum.joomla.org/viewtopic.php?f=714&t=778692)

I am contacting you on the subject of your project "*OWASP Joomla Vulnerability Scanner Project*". I have noticed this project wasn't updated or maintained for almost over 3 years now. Do you still have plans to work on it, and its updates?

Let me tell you why I am asking. With over 10 years of administrating my company's hosting servers, and actively working as a PHP developer and recently PHP educator - I gathered a lot of real-life experience in identifying, cleaning and preventing vulnerabilities in a lot of PHP applications. So I have decided it would be interesting to try to gather all my scripts developed over the years, and build an OWASP project for scanning Joomla installations both - remotely, and locally. Project should be built in a flexible modular way, so it could be also extended to support other CMS-es too. Language of the tool would be, naturally, PHP.

So, I am thinking about "Joomla Vulnerability Scanner v2", if you are interested to support the project, or even participate. Or in case you are not interested, I can start a brand new project. I would very much like to know your opinion about this idea?


Thank you and best regards,

--
Bernard Toplak
Twitter: @toplak




On 16.2.2016. 22:03, Claudia Casanovas wrote:
Hello Project Leader:

We have recently done a Health Check on your project in accordance with the Project Process workflow.

We have the following findings: Last Update or Commit was done in May 2013, no recent releases and/or updates to the wiki page in January 2014.

Wiki page: 


Unfortunately at this time the project will be added to the OWASP Archived Projects of the OWASP Project Inventory and marked as in-active.

Please Note: At the time your project becomes active again, the OWASP Foundation will allocate a $500 budget amount to help you and your project continue its OWASP activities.  Additional funding needs can be requested on the OWASP wiki site under funding.

If you have any updates or a different repository, please advise at your earliest convenience. 


Please feel free to reach out to us with any questions.

--


Claudia Aviles-Casanovas
Project Coordinator


_______________________________________________
Owasp-joomla-vulnerability-scanner mailing list
Owasp-joomla-vuln...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner


--


Claudia Aviles-Casanovas
Project Coordinator

johanna curiel curiel

Feb 18, 2016, 7:27:07 AM
to Claudia Casanovas, owasp-joomla-vuln...@lists.owasp.org, Aung Khant, Bernard Toplak, owasp-project-reviews
Hi Bernard,

Joomla is an old, inactive project but has proven to be very valuable. 
So much, that it is still being used in major Pen testing distributions.

Their leaders are not maintaining the source code anymore.

The original code was written using Perl.

>>So, I am thinking about "Joomla Vulnerability Scanner v2", if you are interested to support the project, or even participate. Or in case you are not interested, I can start a brand new project. I would very much like to know your opinion about this idea?

Considering you are probably thinking of rewriting a tool in PHP, I suggest starting a new project with this name.

As the old project is still being used and has around 400 downloads per week, it will be more convenient to allow users to keep using the old version.

Claudia can provide more info on starting a new project at OWASP :)

Cheers




--
Johanna Curiel 
OWASP Volunteer

Bernard Toplak

Feb 18, 2016, 8:49:21 AM
to johanna curiel curiel, Claudia Casanovas, owasp-joomla-vuln...@lists.owasp.org, Aung Khant, owasp-project-reviews
Hi Claudia and Johanna,

Yes, the Joomla Scanner is very outdated and not useful for any recent Joomla version, so those download numbers really baffle me, but that just confirms how interesting and sought-after such a tool is.

Thank you very much for your attention to my idea and contribution offer.

Yes, I'd like to write it in PHP, it will make it more versatile, since it can be run in virtually any hosting server environment. I'd like to add CLI and GUI options.

If you think it's best to open a new project I will follow your suggestions. Please let me know if this is the wanted procedure.


Best regards,

Bernard Toplak


