How to test my website's forms? - xss

I wanted to test my website's forms and tried a couple of script strings. Then
I installed XSS Me in my Firefox; however, I am still confused about how it works. How do I start testing my website? Or does it test it automatically? If it does, I did not get any reports.
Is there any good tutorial on this plug-in?

You can see the full documentation on the developer's site. Also, you can get the sources.
See here: http://labs.securitycompass.com/exploit-me/
http://labs.securitycompass.com/exploit-me/xss-me/xss-me-faq/
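What XSS Me automates for each form, shown here as an added example that is not part of the original answer and not code from the XSS Me project: submit a distinctive payload through a form field and check whether the response reflects it unencoded. The two handlers below are constructed stand-ins for a site's form processing (one echoes the field raw, one HTML-escapes it); the MARKER string and the payload list are assumptions chosen for the demonstration, and a real run would submit the same payloads over HTTP to each form on the site.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed stand-ins for a site's form handlers (not XSS Me, not the asker's site).
# Each takes a URL-encoded query string, as a GET form would submit it, and returns HTML.
def vulnerable_handler(query):
    """Echoes the 'name' field straight into the page: a reflected XSS."""
    name = parse_qs(query).get("name", [""])[0]
    return f"<html><body><p>Hello, {name}!</p></body></html>"

def hardened_handler(query):
    """Same page, but the field is HTML-escaped before it is written out."""
    name = parse_qs(query).get("name", [""])[0]
    return f"<html><body><p>Hello, {html.escape(name, quote=True)}!</p></body></html>"

# A marker that will not occur in normal page text, so a hit is unambiguous (assumption).
MARKER = "xsst3st"

# A few probe payloads covering the HTML text, double-quoted attribute and
# single-quoted attribute contexts (assumptions; XSS Me ships its own list).
PAYLOADS = [
    f'<script>alert("{MARKER}")</script>',
    f'"><img src=x onerror=alert("{MARKER}")>',
    f"'><svg onload=alert('{MARKER}')>",
]

def reflection(response, payload):
    """Classify how one payload came back: 'raw' (reflected verbatim, the XSS
    condition), 'encoded' (marker present only in escaped form) or 'absent'."""
    if payload in response:
        return "raw"
    if MARKER in response:
        return "encoded"
    return "absent"

def probe_form(handler, field="name"):
    """Submit every payload through one form field and report the reflection per payload."""
    findings = []
    for payload in PAYLOADS:
        response = handler(urlencode({field: payload}))
        findings.append((payload, reflection(response, payload)))
    return findings

def is_vulnerable(handler, field="name"):
    """True if any payload is reflected unencoded."""
    return any(status == "raw" for _, status in probe_form(handler, field))

if __name__ == "__main__":
    for label, handler in (("vulnerable", vulnerable_handler), ("hardened", hardened_handler)):
        print(label)
        for payload, status in probe_form(handler):
            print(f"  {status:8} {payload}")
```

A "raw" result means the page writes the field verbatim into its HTML, which is the condition this kind of scanner flags; an "encoded" result only shows that the text context is escaped, so attribute, URL and script contexts on the same page still need their own payloads, and the final oracle is whether a real browser executes the script.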

Related

Django website rendering as a total mess (intermittently, not always)

I have a website built in Django 1.5 that - at times - doesn't load correctly. And by not loading correctly, I specifically mean that if I type its URL in my Samsung S6 Edge's mobile browser, I sometimes (but not mostly) see the page below. I am clueless regarding why this is happening (not much shows up in my logs), and how I can troubleshoot it. Please advise.
Unfortunately you didn't include enough information in your post to properly debug your issue. Also, Django is now on version 1.8.5 and it may be possible that your issue has been patched since then.
Posting your source code is the best way to get help on issues like this.
If you are trying to troubleshoot it yourself and your app is using logging properly, you should try writing unit tests for the various components that make up your app.

How to start using Doctrine 2 in an Apigility application with zf-apigility-doctrine?

I want to integrate the Doctrine 2 to an Apigility driven Zend Framework 2 application.
So I installed zfcampus/zf-apigility-doctrine
$ composer require zfcampus/zf-apigility-doctrine "~0.3"
and activated the modules Phpro\DoctrineHydrationModule, ZF\Apigility\Doctrine\Server, and ZF\Apigility\Doctrine\Admin in the application config files (/config/application.config.php and /config/development.config.php).
What should be done next to start using Doctrine in the application as general and particularly in the Apigility Admin area?
I experimented with this Apigility extension in the fall but it was far from complete at that point. The server code was usable but there wasn't any UI integration to speak of. You can still manipulate endpoints by dissecting how zf-apigility-doctrine's controllers work and the information provided in the README. The rest is mostly trial and error. At the time I used the Postman plugin for Chrome to send requests to the endpoints mentioned in the README, trying different inputs until I found something that worked. It looks like they've made good progress on this portion of the integration since I last tried but I haven't revisited since to try again.
It seems there's no official integration with the Apigility admin UI yet. There is a repository for it (https://github.com/zfcampus/zf-apigility-admin-ui) but a quick browse of the open tickets shows it's not working yet. Someone has forked it and worked on it, but I haven't looked into it myself so I can't comment on its readiness.
My suggestion is that if you want to learn how to integrate zf-apigility-doctrine into your Apigility application, the best way to do that right now is to take a look at Roll'n API (source here).

Load Testing for Django Application

I have been looking for a tool to load test my Django application. I was wondering if there is a go-to one for Django web applications. I am required to log in and place various requests to the site as multiple users and see how the site scales with traffic.
I have come across the following frameworks:
Siege
JMeter
Funkload
I was wondering if the community had any opinions on which is best, and fit together best with the django web application.
I welcome suggestions to any that I haven't mentioned as well.
Please and thank you
If you don't need to use JavaScript, and aren't looking to test your web server, I'm a huge fan of mechanize for this exact reason. Spawn off several instances of mechanize that traverse your site, and you can get a very good idea of where your performance issues lie.
That said, if you do need JavaScript for anything, mechanize will not work as it has no ability to handle JavaScript. In this case you need to use Selenium or WebDriver. I've recently combined Selenium with NUnit for extremely great success. You can run several Selenium instances and use Selenium RC to remotely track/control them. If you have some cash, BrowserMob does a fantastic job of this for you.
If you need to test your web server, look no further than apache bench.
Edit: This is my preferred approach. JMeter is very cool, but I found it a pain to use and an eyesore. YMMV though.
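The approach the answer above describes (several scripted users logging in and then walking the site concurrently), as an added example that is not part of the original thread and uses only the Python standard library instead of mechanize. The stub site, its /login and /dashboard paths, the username/password form fields and the sessionid cookie are constructed for the demonstration so the script runs offline; to test a real Django app, drop the stub, point simulate_user at the real host and port, and adjust the paths and field names (and add the CSRF token Django's login form requires).

```python
import http.client
import statistics
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs

# Constructed stand-in for the site under test (not a Django app): POST /login sets a
# session cookie, GET /dashboard requires it. It exists only so the script runs offline.
SESSIONS = {}
SESSIONS_LOCK = threading.Lock()

class StubSite(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        if self.path != "/login" or not user:
            self.send_error(403)
            return
        token = f"{user}-{time.monotonic_ns()}"
        with SESSIONS_LOCK:
            SESSIONS[token] = user
        self.send_response(302)
        self.send_header("Set-Cookie", f"sessionid={token}; HttpOnly")
        self.send_header("Location", "/dashboard")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        token = self.headers.get("Cookie", "").partition("sessionid=")[2]
        with SESSIONS_LOCK:
            user = SESSIONS.get(token)
        if self.path != "/dashboard" or user is None:
            self.send_error(401)
            return
        time.sleep(0.005)  # stand in for template rendering and database work
        body = f"dashboard for {user}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def simulate_user(host, port, user_id, pages):
    """One virtual user: log in once, then fetch `pages` authenticated pages.
    Returns a list of (latency_ms, status) per page request."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("POST", "/login", body=f"username=user{user_id}&password=pw",
                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    login = conn.getresponse()
    login.read()
    cookie = login.getheader("Set-Cookie", "").split(";")[0]  # keep "sessionid=..."
    samples = []
    for _ in range(pages):
        started = time.perf_counter()
        conn.request("GET", "/dashboard", headers={"Cookie": cookie})
        page = conn.getresponse()
        page.read()
        samples.append(((time.perf_counter() - started) * 1000, page.status))
    conn.close()
    return samples

def run_load_test(users=10, pages=5):
    """Run `users` virtual users concurrently against the stub site and summarise latency."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), StubSite)
    host, port = server.server_address
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with ThreadPoolExecutor(max_workers=users) as pool:
            per_user = list(pool.map(lambda i: simulate_user(host, port, i, pages), range(users)))
    finally:
        server.shutdown()
        server.server_close()
    latencies = sorted(ms for user in per_user for ms, _ in user)
    statuses = [status for user in per_user for _, status in user]
    return {
        "requests": len(latencies),
        "errors": sum(1 for s in statuses if s != 200),
        "p50_ms": statistics.median(latencies),
        "p95_ms": latencies[int(0.95 * (len(latencies) - 1))],
    }

if __name__ == "__main__":
    print(run_load_test())
```

Each virtual user keeps its own cookie, so the run exercises the login path and per-session state the way real traffic would, and the error count separates "the site got slow" from "the site started failing under load"; raise `users` until p95 or the error count moves, and watch the server-side logs at the same point.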

Running Mezzanine on App Engine

I am looking for a blog solution to run inside a Django project deployed on the Google App Engine. After a bit of review I decided to try out Mezzanine v0.11.3. I've overcome the hurdle of getting it into the project using the advice of others deploying on App Engine at this link: http://groups.google.com/group/mezzanine-users/browse_thread/thread/c8b13c41a3168c94.
Mezzanine is now showing up in the Admin, but clicking on Blog posts leads to a multi-table inheritance failure. I believe that this is due to multi-site support functionality in Mezzanine via use of the Django sites framework.
Has anyone overcome this issue? I'm going to try to use django-dbindexer but I'm not confident it will work.
*Update: as far as I can tell, the folks at AllButtonsPressed don't have any magic solutions to work around ManyToManyField issues yet, so I think that option is dead.
If no one knows a work around, do any of you know of a good blog solution I can run inside a Django project on the App Engine?
*Update: found this post Integrating Blogger into a Google App Engine App. Will investigate if this solves the problem.
*Current Status:
I have not been able to solve this problem and I don't think it is currently solvable. Thought I would share what I found through my investigations though; maybe someone out there can carry on and come up with a solution.
Options tried:
Bloog: I looked this over but it is a Python solution, not a Django solution, and I didn't want to do the work to turn it into one.
Byteflow ( https://bitbucket.org/piranha/byteflow/wiki/Home ) notes: designed to be standalone; will need a lot of edits to settings.py, inclusion of 12 additional apps and overrides on account settings, plus hand tuning at every upgrade.
AppEngineBlog ( http://code.google.com/p/appengineblogsoftware/ ) notes: written in App Engine-specific code, not maintained, no example sites available to see how it looks.
Coltrane ( http://code.google.com/p/coltrane-blog/source/browse/ ): simple blog constructed from standard Django functionality; no development or support, so you basically need to use this code as a way to develop your own blog and go from there.
Flother ( https://github.com/flother/flother ): found via Coltrane comments; probably embeddable without too much trouble; requires 8 additional apps; the photos and places components have ManyToManyFields that would have to be re-written or these components disabled.
Blogger API ( http://code.google.com/apis/blogger/ ): use Blogger at whatever location you wish to gain fully functional blogging capabilities, then use the Blogger API to deliver content to any other site you wish to display it on.
Flother came close to what I need but there is still a fair bit of uncertainty and effort there. I'm proceeding with the Blogger option as the only viable choice for me at this time.
Well, as far as I can see, there is no way to get Mezzanine running on GAE other than wading into the code and ripping out anything relating to a ManyToManyField (Sites support, Photos and ... something else. Can't remember what).
The only thing I could find out there that has the potential to be added to an existing project, uses only portable Django code (app engine specific) and runs on App Engine is http://www.allbuttonspressed.com/projects/allbuttonspressed . I haven't actually tried to integrate it yet because I'm going to see if the Blogger solution works.
I've been using bloog for two of my blogs without any serious troubles so far - there are a few little quirks that make it mildly unpleasant sometimes but nothing that's been a deal breaker.
I use the Blogger solution and it works fine, especially if you're only one person and you run the whole site.
The problem comes when you want others to help you out. Now every CSS and design decision needs to be sent to a programmer who hacks away at Django templates. A CMS with a real WYSIWYG editor would allow you to ship off that work to marketing/design people and let you focus on the fun stuff.
I came across a decent review of the various blogging engines for Django, however, it's unclear how well they each integrate with GAE.
I have deployed Mezzanine/Cartridge on GAE successfully but I have not documented it yet on GitHub or something like that. It works using Python 2.7 of course and Django 1.5. Additionally it works with Google Cloud SQL, and the local file system GAE provides. It additionally works with Google Gmail facilities. For thumbnailing I am using local GAE functionality.
It requires several additional libraries like boto, but it works well.
See a short demo in midevocional365.appspot.com/

Offline wiki-like authoring tool

Does anyone know if there is a help authoring tool out there that can produce help documentation for a software product that looks like a wiki? We are currently using the Confluence wiki engine, which is absolutely brilliant and we were wondering if there is anything like that but without the need for an Apache server. Something stand-alone that can give our users the help documentation they need. We have used help authoring tools and they all seem so clunky compared to a wiki.
Use Wiki on a Stick.
It's a single .html file written in JavaScript/HTML and saves the changes onto itself.
You don't even need Apache. Awesome tool!
How about Juli? It generates static HTML so you can browse documents by browser only.
It is used for:
Juli documentation itself.
Edgar project documentation (another of my OSS projects).
My personal wiki/blog. I'll show later since new users can only post two links(stackoverflow limitation)