Re: [Chicken-users] Can anyone help test my Chicken-based web site?

[Matt Gushee]

Hi, Peter--

On Tue, Mar 12, 2013 at 9:20 AM, Peter Bex <address@hidden> wrote:

On Tue, Mar 12, 2013 at 09:10:30AM -0600, Matt Gushee wrote:
> On Mon, Mar 11, 2013 at 9:06 PM, J Altfas <address@hidden> wrote:
>
> >  Sounds interesting, certainly I'd be willing to help test it out, but of
> > course, not sure exactly what sort of help you're looking for.
>
> I thought I was pretty clear, but if not: I would like help in finding out
> if my web application has any vulnerabilities to attack related to its use
> of Chicken Scheme and ... certain eggs.

A black-box test isn't the best way to go about things.  A dedicated
attacker will have a lot more time to spend than some volunteer who's
just prodding the site a bit.  Having the code (a white box test) would
be a more effective way to spend your resources.

Okay, that makes sense. Here's what I'll do: my codebase is currently hosted in a private Bazaar repo, but I also have a Github account, so when I have time I'll move my code over to Github, so you can take a look at it.

In the meantime, the principal libraries I use are:

   Fastcgi for communication

   Ersatz templates

   Sql-de-lite for storage (it's a simple web site ;-)

   Matchable to select handlers based on the request URL & HTTP method

And the front-end server, as I said, is Nginx, running on a FreeBSD VPS, and I am using UWSGI to manage the FastCGI application.

Oh, and the URL is http://studioyanagi.com/

I'll let everybody know when I've got my code on GitHub. Thanks for the feedback.

--

Matt Gushee