Thursday, 2016-06-09

*** JAHoagie has quit IRC 00:09
*** bpokorny has quit IRC 00:26
*** bpokorny has joined #openstack-security 00:34
*** sdake has quit IRC 00:42
*** unrahul has quit IRC 00:52
*** salv-orlando has quit IRC 00:53
*** salv-orlando has joined #openstack-security 00:53
*** browne has quit IRC 01:15
*** tmcpeak has quit IRC 01:16
*** bpokorny_ has joined #openstack-security 01:19
*** bpokorny has quit IRC 01:22
*** bpokorny_ has quit IRC 01:23
*** yuanying has quit IRC 02:50
*** browne has joined #openstack-security 02:57
*** sdake has joined #openstack-security 03:10
*** sdake has quit IRC 03:26
*** bpokorny has joined #openstack-security 03:47
*** yuanying has joined #openstack-security 03:48
*** salv-orl_ has joined #openstack-security 04:25
*** salv-orlando has quit IRC 04:28
*** JAHoagie has joined #openstack-security 04:39
*** bpokorny has quit IRC 04:47
*** salv-orl_ has quit IRC 04:51
*** salv-orlando has joined #openstack-security 04:51
*** salv-orlando has quit IRC 05:00
*** rcernin|off has joined #openstack-security 05:15
*** vinaypotluri has quit IRC 05:23
*** tpeoples has quit IRC 05:24
*** Ryan_Lane has quit IRC 05:24
*** z has quit IRC 05:24
*** jraim has quit IRC 05:24
*** serverascode has quit IRC 05:25
*** woodrow has quit IRC 05:25
*** kun_huang has quit IRC 05:25
*** sweston has quit IRC 05:25
*** fyxim has quit IRC 05:25
*** nikhil has quit IRC 05:25
*** evand has quit IRC 05:25
*** rcernin|off has quit IRC 05:26
*** JAHoagie has quit IRC 05:26
*** evand has joined #openstack-security 05:29
*** fyxim has joined #openstack-security 05:29
*** sweston has joined #openstack-security 05:30
*** z has joined #openstack-security 05:31
*** jraim has joined #openstack-security 05:32
*** vinaypotluri has joined #openstack-security 05:32
*** tpeoples has joined #openstack-security 05:32
*** woodrow has joined #openstack-security 05:33
*** serverascode has joined #openstack-security 05:34
*** nikhil has joined #openstack-security 05:35
*** Ryan_Lane has joined #openstack-security 05:36
*** kun_huang has joined #openstack-security 05:37
*** JAHoagie has joined #openstack-security 05:54
*** nikhil has quit IRC 06:07
*** liverpooler has quit IRC 06:08
*** nikhil has joined #openstack-security 06:09
*** rcernin|off has joined #openstack-security 06:14
*** rcernin|off is now known as rcernin 06:21
*** pcaruana has joined #openstack-security 07:09
*** browne has quit IRC 07:14
*** JAHoagie has quit IRC 07:35
*** liverpooler has joined #openstack-security 07:36
*** tkelsey has joined #openstack-security 07:36
*** salv-orlando has joined #openstack-security 07:41
*** salv-orl_ has joined #openstack-security 07:42
*** salv-orlando has quit IRC 07:46
*** liverpooler has quit IRC 07:55
*** liverpooler has joined #openstack-security 07:55
*** tesseract has joined #openstack-security 07:56
*** openstackgerrit has quit IRC 08:03
*** openstackgerrit has joined #openstack-security 08:03
*** tkelsey has quit IRC 08:10
*** salv-orl_ has quit IRC 08:25
*** vinaypotluri has quit IRC 08:30
*** salv-orlando has joined #openstack-security 08:39
*** salv-orlando has quit IRC 08:56
*** dmk0202 has joined #openstack-security 09:28
*** salv-orlando has joined #openstack-security 09:48
*** salv-orlando has quit IRC 10:41
*** salv-orlando has joined #openstack-security 10:49
*** salv-orlando has quit IRC 11:03
*** webhat_ is now known as webhat 11:14
*** salv-orlando has joined #openstack-security 11:35
*** sdake has joined #openstack-security 11:56
*** markvoelker has joined #openstack-security 12:04
*** salv-orlando has quit IRC 12:06
*** agireud has quit IRC 12:08
*** agireud has joined #openstack-security 12:09
*** jass93 has quit IRC 12:45
*** flerfb0rt has joined #openstack-security 12:45
*** sdake has quit IRC 12:48
*** salv-orlando has joined #openstack-security 12:49
*** salv-orlando has quit IRC 13:03
*** salv-orlando has joined #openstack-security 13:04
*** salv-orlando has quit IRC 13:15
*** edmondsw has joined #openstack-security 13:22
*** cleong has joined #openstack-security 13:25
*** sdake has joined #openstack-security 13:39
*** liverpooler has quit IRC 13:42
*** ametts has joined #openstack-security 13:49
*** jmckind has joined #openstack-security 13:55
*** JAHoagie has joined #openstack-security 13:58
*** davidjd-gh has joined #openstack-security 14:01
*** JAHoagie has quit IRC 14:04
*** davidjd-gh has quit IRC 14:06
*** jhfeng has joined #openstack-security 14:08
*** agireud has quit IRC 14:19
*** agireud has joined #openstack-security 14:20
*** mvaldes has joined #openstack-security 14:26
*** jmckind has quit IRC 14:37
*** mvaldes has quit IRC 14:38
*** mvaldes has joined #openstack-security 14:38
*** jmckind has joined #openstack-security 14:39
*** woodburn has joined #openstack-security 14:39
*** woodburn1 has quit IRC 14:39
*** tmcpeak has joined #openstack-security 14:39
*** pcaruana has quit IRC 14:41
*** dstufft is now known as nedbat2 14:42
*** nedbat2 is now known as dstufft 14:43
<tmcpeak> dstufft: you going under cover? :P 14:43
*** JAHoagie has joined #openstack-security 14:55
*** JAHoagie has quit IRC 15:00
<dstufft> tmcpeak: :D 15:00
*** mvaldes1 has joined #openstack-security 15:00
*** woodburn has quit IRC 15:01
*** woodburn1 has joined #openstack-security 15:01
*** mvaldes2 has joined #openstack-security 15:02
*** mvaldes has quit IRC 15:03
*** mvaldes1 has quit IRC 15:05
*** vinaypotluri has joined #openstack-security 15:14
*** unrahul has joined #openstack-security 15:18
*** jhfeng has quit IRC 15:20
*** flerfb0rt has left #openstack-security 15:25
*** browne has joined #openstack-security 15:30
*** tesseract has quit IRC 15:30
*** jhfeng has joined #openstack-security 15:31
*** rcernin has quit IRC 15:32
*** woodburn1 has quit IRC 15:34
*** woodburn has joined #openstack-security 15:36
*** bpokorny has joined #openstack-security 15:38
*** agireud has quit IRC 15:40
*** dmk0202 has quit IRC 15:41
*** agireud has joined #openstack-security 15:42
<michaelxin> @vinaypotluri ? 15:58
<michaelxin> unrahul: ? 15:59
<michaelxin> vinaypotluri: ? 15:59
<unrahul> yup Michael 15:59
<michaelxin> What size of T-shirt do you wear? 15:59
<michaelxin> Trying to get OSIC T-shirts for you two. 15:59
<michaelxin> How about vinay? 15:59
<unrahul> Cool Michael, Thanks. 16:00
<vinaypotluri> michaelxin small size 16:02
<michaelxin> Got it. Thanks 16:02
<michaelxin> I will send an email to Homer and include you two. 16:02
<michaelxin> How is testing against broken API using Syntribos? 16:03
<michaelxin> It should help you guys get better understanding about the process of API security testing. 16:03
<unrahul> michaelxin: what i got from it, we are leasing way too many options to the end user 16:03
<michaelxin> my concern is about adding values to the end user 16:04
<unrahul> there is very lil decision making, and as the tool is meant for developers and not security ppl I think, we should add bit more logic into it, I feel that would make decision making for the end user easier 16:05
<michaelxin> Especially about the findings. 16:05
<michaelxin> No, the tool is meant for the security ppl. 16:05
<michaelxin> We need to work on it 16:05
<michaelxin> That is why we need you all 16:05
<unrahul> but then, when we integrate to the pipeline for example keystone or something, wouldn't it be better if the results are bit more focussed and clear cut? 16:06
<michaelxin> Even for broken API, the results should be more focused and clear cut. 16:07
<michaelxin> There is a tech talk this afternoon about Ansible security and openstack 16:07
<unrahul> yup I agree 16:07
<unrahul> oh!.. in rackspace.?? 16:07
<michaelxin> Tech Talk about Automated security hardening with OpenStack-Ansible 16:08
<michaelxin> SAT6-2367-Snow Crash /VC; Vidyo room: 6431 16:08
<michaelxin> 2:00 - 3:00pm 16:08
<michaelxin> unrahul: Is the team using IRC a lot? 16:08
<michaelxin> I do not think so. 16:08
*** ccneill has joined #openstack-security 16:09
<michaelxin> Wonder why you guys do not use IRC as often as I expect? 16:09
<unrahul> oh.. thanks Michael will join in 16:09
<unrahul> we do it not that often I guess.. 16:10
<michaelxin> We can do it more. 16:14
<michaelxin> I will ask questions more here. 16:14
<michaelxin> I will miss the standup today. 16:14
*** jmckind_ has joined #openstack-security 16:17
*** jmckind has quit IRC 16:19
*** sdake has quit IRC 16:25
*** tkelsey has joined #openstack-security 16:26
*** alejandro2 has joined #openstack-security 16:30
*** alejandro2 has quit IRC 16:31
*** jmckind_ has quit IRC 16:32
*** jmckind has joined #openstack-security 16:34
*** edtubill has joined #openstack-security 16:38
*** sdake has joined #openstack-security 16:38
<michaelxin> unrahul: ccneill: How was the standup? 16:39
*** d0ugal has quit IRC 16:43
*** d0ugal has joined #openstack-security 16:44
*** sdake_ has joined #openstack-security 16:45
*** sdake has quit IRC 16:45
*** JAHoagie has joined #openstack-security 16:47
*** mdong has joined #openstack-security 16:48
<ccneill> michaelxin: sounds like there may be some lingering errors in my signals code that unrahul has found, so we'll try to get that worked out today 16:50
<ccneill> michaelxin: also set up a 30 minute meeting tomorrow for us to discuss the questions we have here:
<michaelxin> nice job! unrahul! 16:51
<ccneill> trying to get feedback on those questions today before the meeting tomorrow so that we're not trying to come up with our thoughts on the spot in the meeting 16:51
<michaelxin> here is a good place to talk about them. 16:51
<ccneill> any feedback would be appreciated if you have time to take a look 16:51
<ccneill> this room is good for discussion, but not so much for preserving the conversation we have 16:52
*** sdake_ has quit IRC 16:52
<michaelxin> Every conversation is logged 16:53
<unrahul> thanks michaelxin, we are trying out the signals (http_signal2 branch) approach of writing tests 16:53
<ccneill> michaelxin: sure, but it's not as easy to sift through if it's not categorized 16:53
<ccneill> unrahul: have you compared http_signal vs. http_signal2? 16:54
<michaelxin> That's true. 16:54
<unrahul> michaelxin: the version ccneill wrote where signals uses an overloaded constructor and signals is kinda split into issues. 16:54
<ccneill> I'm leaning toward the http_signal2 approach (no custom "signal types"), but curious what y'alls thoughts are 16:54
<michaelxin> There is no perfect solution. 16:54
<michaelxin> Where is Mdong? 16:55
<mdong> I’m here 16:55
<mdong> I’ve also been adding to the etherpad 16:55
<unrahul> michaelxin: ccneill mdong did you guys get time to check the way wfuzz shows results to the end user..? what do you guys think.? 16:56
<michaelxin> Did you guys all spend time running Syntribos against the broken API? Review the results? Check the output for findings? 16:57
<michaelxin> Not yet. 16:57
<michaelxin> unrahul: Will look for sure. 16:57
<michaelxin> I have something that I want. 16:57
<ccneill> unrahul: not yet 16:57
<unrahul> michaelxin: yea we did Michael, I felt it was way too generic/broad and we need to add more logic to the tool end result to give more informed suggestions, don't know if it's the rating approach that ccneill suggested, but something should be there. 16:58
<michaelxin> We need to streamline it. Categorize it based on severity. 16:58
*** bpokorny has quit IRC 16:59
<michaelxin> We need to do basic stuff. 16:59
*** bpokorny has joined #openstack-security 16:59
<michaelxin> IRC meeting 17:01
<ccneill> michaelxin: /j #openstack-meeting-alt 17:01
<ccneill> derp derp derp.. 17:01
<ccneill> ignore me 17:01
<michaelxin> after a two hour meeting for test strategy, need a break. 17:02
*** bpokorny has quit IRC 17:04
*** mvaldes2 has quit IRC 17:04
<ccneill> I bet 17:05
*** mvaldes has joined #openstack-security 17:05
<tmcpeak> nkinder: you around? 17:23
<nkinder> tmcpeak: I'm around, but in the middle of meetings 17:24
<tmcpeak> ahh ok 17:24
<tmcpeak> we've got another published OSSN, do you still want to handle the wiki and announce and stuff? 17:24
*** mvaldes has quit IRC 17:25
*** bpokorny has joined #openstack-security 17:30
*** lmiccini has quit IRC 17:31
*** sdake has joined #openstack-security 17:31
*** salv-orlando has joined #openstack-security 17:32
*** salv-orlando has quit IRC 17:35
*** sdake_ has joined #openstack-security 17:35
*** salv-orlando has joined #openstack-security 17:36
*** sdake has quit IRC 17:37
*** lmiccini has joined #openstack-security 17:38
<unrahul> Thanks michaelxin, we got the OSIC shirts!! 17:41
*** bpokorny has quit IRC 17:47
*** browne has quit IRC 17:52
<nkinder> tmcpeak: yeah, I can handle it this afternoon 17:52
<unrahul> michaelxin: the output ryt now looks like this, , as we saw in the last meeting 17:52
<tmcpeak> nkinder: thank you! 17:53
<unrahul> michaelxin: this doesn't really put forward a concrete set of issues, but a lot of warnings, we really want to clean it up a bit, may be use error codes, and wiki approach. 17:54
*** tpeoples has quit IRC 17:57
*** bpokorny has joined #openstack-security 17:57
*** serverascode has quit IRC 17:58
*** serverascode has joined #openstack-security 18:00
*** tpeoples has joined #openstack-security 18:00
*** vinaypotluri has quit IRC 18:03
*** tkelsey has quit IRC 18:03
*** vinaypotluri has joined #openstack-security 18:05
*** unrahul has quit IRC 18:08
*** unrahul has joined #openstack-security 18:09
*** mvaldes has joined #openstack-security 18:19
<michaelxin> unrahul: Coool. 18:19
<michaelxin> Glad that you get your shirts. 18:19
*** salv-orlando has quit IRC 18:21
*** salv-orlando has joined #openstack-security 18:22
*** jhfeng has quit IRC 18:22
*** salv-orlando has quit IRC 18:26
*** salv-orlando has joined #openstack-security 18:26
*** sdake_ has quit IRC 18:38
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Added data loss prevention (DLP) to glossary
*** ccneill has quit IRC 18:40
*** jhfeng has joined #openstack-security 18:41
*** jhfeng has quit IRC 18:46
*** ccneill has joined #openstack-security 18:48
*** mvaldes has quit IRC 18:54
*** sdake has joined #openstack-security 18:59
<nkinder> tmcpeak: just to confirm, this is OSSN-0063, right? 19:13
*** mvaldes has joined #openstack-security 19:14
*** bpokorny has quit IRC 19:15
<tmcpeak> nkinder: yep! 19:15
<tmcpeak> 68 will be coming soon too 19:15
<nkinder> tmcpeak: cool. Working on publishing it now. 19:15
<nkinder> tmcpeak: arg, line wrapping is off. I'm going to get a quick patch in for it. 19:16
<tmcpeak> nkinder: ahh crap, we should have checked that 19:16
<nkinder> easy mistake. No worries. 19:17
<nkinder> tmcpeak: stand by for a quick review 19:17
*** vinaypotluri has quit IRC 19:17
*** sdake has quit IRC 19:19
*** vinaypotluri has joined #openstack-security 19:19
*** davidjd-gh has joined #openstack-security 19:22
<openstackgerrit> Nathan Kinder proposed openstack/security-doc: Correct line-wrapping in OSSN-0063
<nkinder> tmcpeak: ^^^ 19:26
*** GABY4 has joined #openstack-security 19:27
<davidjd-gh> hello GABY4 19:28
<davidjd-gh> how are you 19:28
<GABY4> bn y thu vl.. 19:29
<GABY4> eso vl q bn 19:29
<tmcpeak> hmm, I don't have review in security-doc anymore 19:29
<tmcpeak> I'm +1, just merge it nkinder :) 19:29
<nkinder> tmcpeak: cool 19:30
<openstackgerrit> Merged openstack/security-doc: Correct line-wrapping in OSSN-0063
*** davidjd-gh has quit IRC 19:41
*** davidjd-gh has joined #openstack-security 19:50
<ccneill> holy heck 19:53
<ccneill> unrahul: wfuzz is SUPER fast... o_o 19:53
<nkinder> tmcpeak: ok, all published now. 19:53
*** jmckind has quit IRC 19:54
<tmcpeak> nkinder: thanks! you're awesome 19:54
*** davidjd-gh has left #openstack-security 19:56
*** davidjd-gh has joined #openstack-security 19:58
<unrahul> ccneill: :o they are using multi threading it seems. 20:05
<ccneill> I do like the simplicity of their output, but I'm not sure if it's such a good fit for us... 20:06
<unrahul> ccneill: too late for us in the game.. and not sure how it helps in requests/resp time.. as we are spending most of the time there.. 20:06
<ccneill> unrahul: yeah, that's not my greatest concern at the moment, but it did surprise me 20:06
<ccneill> unrahul: the output is very handy for saying "did it match one thing" but it doesn't really help you figure out exactly what happened 20:06
<unrahul> ccneill: yeah.. something in between ours and wfuzz type.. thing would be ideal..? 20:07
<unrahul> ccneill: yeah.. too minimal 20:07
<ccneill> unrahul: it would be cool for our normal output to be similar though.. instead of just PASS/FAIL 20:07
<ccneill> like what it's printing in the terminal while it's running, not the actual results output 20:07
<unrahul> ccneill: like..? error coding and all? 20:07
<unrahul> ccneill: oh yeah.. 20:08
<ccneill> I don't know.. just maybe something like "hey, this request for this test type failed" 20:08
<ccneill> with the path, status code, and test type 20:08
<ccneill> not too fancy 20:08
<ccneill> but again, that's not my biggest concern at the moment 20:08
*** bpokorny has joined #openstack-security 20:09
*** davidjd-gh has quit IRC 20:10
<unrahul> ccneill: yeah that cleans up a lil i guess.. though if all the tests are run.. then it would take a while to scroll through. 20:10
<ccneill> unrahul: right.. it's really not for you to DO anything with, it's just to let you know "hey, this is what's going on right now" 20:11
<ccneill> but that's definitely not a top priority, just maybe something to think about sometime before 1.0 20:11
<unrahul> ccneill: yeah.. 20:11
<unrahul> ccneill: +1 20:11
*** GABY4 has left #openstack-security 20:12
*** jmckind has joined #openstack-security 20:26
*** rcernin has joined #openstack-security 20:35
*** ametts has quit IRC 20:52
<unrahul> ccneill: The stack trace I was getting, was because in the CORS test, as the new send_request returns a tuple of resp and signals, changed the test and its working fine. 21:07
*** mvaldes has quit IRC 21:13
*** rcernin has quit IRC 21:15
<ccneill> yeah I haven't finished updating the other tests yet 21:20
<ccneill> I only worked on INT_OVERFLOW 21:21
<ccneill> so we'll have to convert the rest of the tests, but I figured that was something that might be good for you, mdong, and vinaypotluri to look into so that you get experience with it 21:21
<ccneill> and can get a feel for what the pain points are 21:21
<ccneill> and what signals we still need to implement 21:21
<unrahul> yup.. it helped 21:21
*** cleong has quit IRC 21:21
<unrahul> the INT_OVERFLOW tests 21:21
<unrahul> using that as a reference 21:21
*** edmondsw has quit IRC 21:29
*** zul has quit IRC 21:39
*** jass93 has joined #openstack-security 21:52
*** zul has joined #openstack-security 21:53
*** jmckind has quit IRC 22:07
*** jamielennox is now known as jamielennox|away 22:09
*** edtubill has quit IRC 22:30
*** ccneill has quit IRC 22:45
*** edtubill has joined #openstack-security 22:47
*** edtubill has quit IRC 22:59
*** edtubill has joined #openstack-security 23:01
*** tkelsey has joined #openstack-security 23:08
*** mdong has quit IRC 23:11
*** tkelsey has quit IRC 23:12
*** salv-orl_ has joined #openstack-security 23:27
*** salv-orl_ has quit IRC 23:28
*** salv-orl_ has joined #openstack-security 23:29
*** salv-orlando has quit IRC 23:31
*** jamielennox|away is now known as jamielennox 23:37
*** bpokorny_ has joined #openstack-security 23:56
