Difference between revisions of "SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests"
Dinis.cruz (talk | contribs) (→Buanzo - Enigform: Firefox Addon for OpenPGP signing of HTTP requests) |
(4 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | '''AoC Candidate''': | + | '''[http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Selection Back to SpoC 007 Selection page]''' |
+ | |||
+ | |||
+ | '''AoC Candidate''': Arturo Busleiman (a.k.a Buanzo) | ||
'''Project coordinator''': Dinis Cruz | '''Project coordinator''': Dinis Cruz | ||
− | '''Project Progress''': | + | '''Project Progress''': 70% Complete, [[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page|Progress Page]] |
− | == Buanzo - | + | == Buanzo -Firefox Addon (Enigform) and Apache Module (mod_openpgp) to extend HTTP with OpenPGP capabilities == |
− | === | + | === Arturo "Buanzo" Busleiman === |
− | I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of | + | I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of information systems security since 1994, when BBSes and Linux still lived together. |
− | information systems security since 1994, when BBSes and Linux still lived together. | ||
A quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204]. | A quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204]. | ||
− | In my free time I like playing with my Punk-Pop band [http://www. | + | In my free time I like playing with my Punk-Pop band [http://www.jamendo.com/es/artist/futurabanda/], Futurabanda. [http://www.futurabanda.com.ar], and maintaining my Restaurants, Wines and Recipes site. [http://www.vivamoslavida.com.ar]. I have to admit that my first priorities are my beloved son [http://www.fotolog.com/buanzo] and my wonderful wife [http://www.fotolog.com/buanzo]. |
=== Accomplishments === | === Accomplishments === | ||
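Review bot: The new heading on the "== Buanzo -Firefox Addon ..." line is missing a space after the hyphen, and the revised band sentence leaves a period in front of two bracketed links ("Futurabanda. [" and "site. ["), which breaks the sentence when rendered. Put the links before the punctuation. In the same line the son and wife links both point to http://www.fotolog.com/buanzo; if that is intended, a single link would do.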
Line 20: | Line 22: | ||
tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written | tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written | ||
the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [http://www.oissg.org/content/view/71/71/]. I'm currently writing | the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [http://www.oissg.org/content/view/71/71/]. I'm currently writing | ||
− | an Internet Draft to be proposed for RFC | + | an Internet Draft to be proposed for RFC named "OpenPGP Extensions to HTTP". |
=== Community === | === Community === | ||
− | I run the | + | I "run" the 2600 meetings site for Argentina [http://www.2600.com/meetings/pages.html], I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR]. |
− | and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, | ||
− | answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR]. | ||
=== My Project === | === My Project === | ||
− | Enigform [http://enigform.mozdev.org] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications. I think Enigform can fit into the OWASP Validation Project [http://www.owasp.org/index.php/Category:OWASP_Validation_Project]. | + | Enigform [http://enigform.mozdev.org] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs and/or encrypts outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications. I think Enigform can fit into the OWASP Validation Project [http://www.owasp.org/index.php/Category:OWASP_Validation_Project]. |
Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group. | Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group. | ||
− | Some simple PHP code is enough to make a web application Enigform-aware [http://enigformtest.buanzo.com.ar]. The Smutty PHP MVC Framework already supports Enigform [http://smutty.pu-gh.com/demo/enigform]. | + | Some simple PHP code is enough to make a web application Enigform-aware [http://enigformtest.buanzo.com.ar]. The Smutty PHP MVC Framework already supports Enigform [http://smutty.pu-gh.com/demo/enigform], but the best approach is to use the Apache module I'm writing, called mod_auth_openpgp (which will be renamed to mod_openpgp as it evolves). |
=== Long Term === | === Long Term === | ||
− | Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in | + | Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in MS IIS, and port Enigform to other browsers |
and/or programming languages, and also provide OpenPGP De/Encryption support. | and/or programming languages, and also provide OpenPGP De/Encryption support. | ||
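Review bot: The My Project line now says Enigform "signs and/or encrypts" outgoing requests, but the unchanged Long Term text still lists "also provide OpenPGP De/Encryption support" as a future goal, so the page presents encryption as both current and planned. State which part is already implemented and which is still to come. The same hunk names the Apache module mod_auth_openpgp while the new heading uses mod_openpgp; the parenthetical explains the rename, but one name in both places would read more clearly. In the merged Community line, "thorugh" and "do also manager" carry over uncorrected, and "[www.solar.org.ar]" has no URL scheme, unlike the other bracketed links.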
Line 46: | Line 46: | ||
I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the | I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the | ||
international security community, and I firmly believe Enigform is my greatest idea so far. | international security community, and I firmly believe Enigform is my greatest idea so far. | ||
+ | |||
+ | |||
+ | '''[http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Selection Back to SpoC 007 Selection page]''' |
Latest revision as of 12:55, 10 July 2007
AoC Candidate: Arturo Busleiman (a.k.a. Buanzo)
Project coordinator: Dinis Cruz
Project Progress: 70% Complete, Progress Page
Buanzo - Firefox Addon (Enigform) and Apache Module (mod_openpgp) to extend HTTP with OpenPGP capabilities
Arturo "Buanzo" Busleiman
I am a 25-year-old independent security consultant from Buenos Aires, Argentina, who has contributed to the world of information systems security since 1994, when BBSes and Linux still lived together.
A quick search for buanzo on Google [1] will provide all necessary details about my professional and community background. For verifiable experience, you could also check my Rent a Coder profile [2].
In my free time I like playing with my Punk-Pop band [3], Futurabanda [4], and maintaining my Restaurants, Wines and Recipes site [5]. I have to admit that my first priorities are my beloved son [6] and my wonderful wife [7].
Accomplishments
I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [8]. I'm currently writing an Internet Draft to be proposed for RFC named "OpenPGP Extensions to HTTP".
Community
I "run" the 2600 meetings site for Argentina [9]. I've been proposed for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar], but I refused. I have been an active member of the FLOSS community since 1996, having written articles in magazines (http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt), made TV, radio and newspaper appearances [10] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time through my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I also manage the Linux Counter for Argentina [11].
My Project
Enigform [12] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs and/or encrypts outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented, like any OpenPGP-based technology, render man-in-the-middle attacks useless. I think OpenPGP already speaks for itself regarding email. Imagine the same benefits for HTTP and web applications. I think Enigform can fit into the OWASP Validation Project [13].
Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.
Some simple PHP code is enough to make a web application Enigform-aware [14]. The Smutty PHP MVC Framework already supports Enigform [15], but the best approach is to use the Apache module I'm writing, called mod_auth_openpgp (which will be renamed to mod_openpgp as it evolves).
Long Term
Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in MS IIS, and port Enigform to other browsers and/or programming languages, and also provide OpenPGP De/Encryption support.
Why should I be selected
I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the international security community, and I firmly believe Enigform is my greatest idea so far.