SEO Outsourcing: August 2020

Sunday, August 30, 2020

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan

A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

Features

Scanning the Joomla CMS sites in search of components/extensions (database of more than 600 components);
Locate the browsable folders of component (Index of ...);
Locate the components disabled or protected
Locate each file useful to identify the version of a components (Readme, Manifest, License, Changelog)
Locate the robots.txt file or error_log file
Supports HTTP or HTTPS connections
Connection timeout

Next Features

Locate the version of Joomla CMS
Find Module
Customized User Agent and Random Agent
The user can change the connection timeout
A database of vulnerable components

Usage
usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]
optional arguments:

-h, --help              show this help message and exit

-u URL, --url URL       The Joomla URL/domain to scan.
-t THREADS, --threads   THREADS
                        The number of threads to use when multi-threading
                        requests (default: 10).
-v, --version           show program's version number and exit

Requirements

Python
beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

Changelog

2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
2016.03.18 0.3beta > Find index file on components directory
2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
2016.02.12 0.1beta > Initial release

Download JoomlaScan

OWASP May Connector 2019

OWASP
Connector

May 2019

Communications | Projects | Events | Community | Membership

COMMUNICATIONS

Letter from the Vice Chairman:

Dear OWASP Community,

Since last month the foundation has been busy working towards enabling our project leaders and community members to utilize funds to work on nurturing and developing projects. So far there has been huge uptake on this initiative. It's great to see so many people passionate about collaborating at project summits.

Our Global AppSec Tel-Aviv is nearly upon us, for members, there is an extra incentive for attending this conference, in the form of a significant discount. This and the sandy beaches and beautiful scenery, not to mention the great speakers and trainers we have lined up, is a great reason to attend. If you have not done so we would encourage you to attend this great conference - https://telaviv.appsecglobal.org.

One of the key things I've noticed in my Board of Director tenure is the passion our community emits, sometimes this passion aids in growing the foundation, but sometimes it also forces us to take a step back and look at how we do things within the foundation. With Mike, our ED and staff we have seen a lot of good change from an operations perspective, with more in the pipeline. Mike's appointment has allowed the Board of Directors to take a step back from operations and enable us to work on more strategic goals. To this end at a recent Board meeting we discussed each Board member taking up one of the following strategic goals, as set out at the start of the year:

1.Marketing the OWASP brand
2.Membership benefits
3.Developer outreach

Improve benefits
Decrease the possibility of OWASP losing relevance
Reaching out to management and Risk levels
Increase involvement in new tech/ ways of doing things – dev ops

4.Project focus

Get Universities involved
Practicum sponsored ideas
Internships

5.Improve finances
6.Improve OWAP/ Board of Directors Perception
7.Process improvement
8. Get consistent ED
9.Community empowerment

I would encourage the community to come forward if you have any ideas on the above and are happy to work with one of the 7 Board of Directors and community members on one of these initiatives.

Thanks and best wishes,
Owen Pendlebury
Vice Chair

OWASP FOUNDATION UPDATE FROM INTERIM EXECUTIVE DIRECTOR:

OWASP Foundation welcomes aboard Emily Berman as Events Director. Emily was most recently with the Scrum Alliance where she planned high-profile functions for upwards of 2,000 guests. Emily brings a fresh approach to events planning and her 12 years of experience planning and organizing large-scale events worldwide well in advance will greatly benefit our Global AppSecs.

Did you Register yet?

Global AppSec DC September 9-13, 2019
submit to the Call for Papers and Call for Training
Check out Sponsorship Opportunities while they are still available.

Save the Date for Global AppSec Amsterdam Sept 23-27, 2019
Sponsorship Opportunities are available

EVENTS

You may also be interested in one of our other affiliated events:

REGIONAL AND LOCAL EVENTS

Event	Date	Location
Latam Tour 2019	Starting April 4, 2019	Latin America
OWASP Portland Training Day	September 25, 2019	Portland, OR
OWASP Italy Day Udine 2019	September 27,2019	Udine, Italy
OWASP Portland Day	October 16,2019	Wroclaw, Poland
LASCON X	October 24-25,2019	Austin, TX
OWASP AppSec Day 2019	Oct 30 - Nov 1, 2019	Melbourne, Australia

PARTNER AND PROMOTIONAL EVENTS

Event	Date	Location
Open Security Summit	June 3-7,2019	Woburn Forest Center Parcs, Bedfordshire
Hack in Paris 2019	June 16-20, 2019	Paris
Cyber Security and Cloud Expo Europe	June 19-20, 2019	Amsterdam
IoT Tech Expo Europe	June 19-20, 2019	Amsterdam
BlackHat USA 2019	August 3-8,2019	Las Vegas, Nevada
DefCon 27	August 8-11,2019	Las Vegas, Nevada
it-sa-IT Security Expo and Congress	October 8-10, 2019	Germany

PROJECTS

We have had the following projects added to the OWASP inventory. Please congratulate these leaders and check out the work they have done:

Project	Type	Leader(s)
Risk Assessment Framework	Documentation	Ade Yoseman Putra, Rejah Rehim
QRLJacker	Tool	Mohammed Baset
Container Security Verification Standard	Documentation	Sven Vetsch
Find Security Bugs	Code	Philippe Arteau
Vulnerable Web Application	Code	Fatih Çelik
D4N155	Tool	Julio Pedro de Lira Neto
Jupiter	Tool	Matt Stanchek
Top 10 Card Game	Documentation	Dennis Johnson
Samurai WTF	Code	Kevin Johnson
DevSecOps Maturity Model	Documentation	Timo Pagel

Also, we will have the following projects presenting at the Project Showcase Global AppSec Tel Aviv:

Final Schedule
Wednesday, May 29th				Thursday, May 30th
Time	Project	Presenter(s)	Confirmed	Time	Project	Presenter(s)	Confirmed
10:45 a.m.	Glue Tool	Omer Levi Hevroni	Yes	10:30 a.m.	API Security	Erez Yalon, Inon Shkedy	Yes
			7

11:55 a.m.	IoT & Embedded AppSec	Aaron Guzman	Yes	11:50 a.m.	Mod Security Core Rule Set	Tin Zaw	Yes
				12:25 p.m.	Automated Threats	Tin Zaw	Yes
12:30 p.m. Lunch Break				12:55 p.m. Lunch Break
2:35 p.m.	SAMM	John DiLeo	Yes
3:10 p.m.	Application Security Curriculum	John DiLeo	Yes	3:10 p.m.	Damned Vulnerable Serveless Application	Tal Melamed	Yes

Finally, if you are able to help participate in the Project Reviews at the Conference, please send me an email at harold.blankenship@owasp.com. We have a large line-up of projects to review this time around:

Project	To Level	Leader(s)
Snakes and Ladders	Flagship	Katy Anton, Colin Watson
Cheat Sheet Series	Flagship	Dominique Righetto, Jim Manico
Mobile Security Testing Guide	Flagship	Jeroen Willemsen, Sven Schleier
Amass	Lab	Jeff Foley
Attack Surface Detector	Lab	Ken Prole
SecureTea	Lab	Ade Yoseman Putra, Bambang Rahmadi K.P, Rejah Rehim.A.A
Serverless Goat	Lab	Ory Segal

Google Summer of Code Update:
We were allocated 13 students this year! The current timeline is as follows:

Google Season of Docs:
We were accepted into the Google Season of Docs. There will be a single technical writer resource. The current timeline is as follows:

COMMUNITY

New OWASP Chapters
Riyadh, Saudi Arabia
Guayaquil, Equador
Lome, Togo
Natal, Brazil
Nashua, New Hampshire
Gwalior, India
Louisville, Kentucky
Nainital, India
Liverpool, United Kingdom
Syracuse, New York