Showing posts with label Review. Show all posts

Thursday, July 4, 2013

Matasano Crypto Challenge

I recently finished the Matasano Crypto Challenges and it was an interesting experience. I started doing them because @tqbf's tweets with standings showed up in my tweet feed and made me feel competitive. Now I'm very glad I did them.

Update: the competition is not running anymore. All exercises and official solutions are available on cryptopals.org. My solutions are written in Java and stored in the matasano-cryptopals-solutions GitHub repository.

Crypto Challenges is a collection of 48 exercises that demonstrate attacks on real-world ciphers and protocols. The exercises exploit both badly designed systems and subtle implementation bugs in theoretically rock-solid crypto. Most importantly, they make you see how tricky security can be and how much various details matter.

If you solved all exercises while the competition was running, Matasano donated $20 to a charity.

Monday, October 1, 2012

Travis-CI - Continuous Integration Server

Travis-CI is a hosted continuous integration server for GitHub projects. The continuous integration part is fairly standard: it runs unit tests and reports results after each project change.

The hosting part is unusual: the service runs tests on its own infrastructure and provides access to test results. The user does not need their own hardware, nor do they need to install and run the server. All that is part of the service.

Any public repository hosted on GitHub can use Travis-CI for free. Private repositories have to pay, and the Travis Pro version they get is a bit different from the regular one.

This post is mainly about the free version. The first chapter describes what Travis-CI does. The second part contains a few things about the Travis-CI server, its infrastructure and the organization behind it. A mini review with our experiences is located in the last chapter.

Wednesday, August 1, 2012

Wro4j, Page Load Optimization and Less.js

Wro4j is primarily a JavaScript and CSS merge and minimization library. Its original purpose was to speed up the page load. However, its final design made it easy to add integration with LESS, CoffeeScript and a few other technologies.

Less was introduced in the previous article. In short, it is CSS with object-oriented inheritance, variables and a few other additional features. It is compiled into regular style sheets and served to the browser. Less was written in JavaScript and usually runs in the browser. If you want to run it on the server side, you have to use wro4j or some other integration library.

The post is mostly a wro4j tutorial with a focus on Less integration. It explains how wro4j works and how to configure it. There is very little about Less and almost everything is about wro4j.

Friday, June 1, 2012

Stanford Free Crypto Class - Review

The free online cryptography course I attended this April was taught by Stanford professor Dan Boneh. Its infrastructure and organization are provided by the company Coursera.

The course was everything I expect from a university course. It explains both the theory and its practical consequences. It shows how ciphers work, how to use them, what their limitations are and why they have been designed the way they have been designed.

Wednesday, July 20, 2011

Testing for XSS Vulnerabilities - Choosing a Scanner

We have decided to introduce testing for security vulnerabilities into web application development. The previous part introduced cross-site scripting, our web application and the expectations we have for this project.

In this part, we go through all the penetration testing tools we could find. Our goal is to find a suitable open source scanner. We wrote a mini review of each tool we found and picked two scanners we will use.