It’s very simple. I have been very very busy. I know it’s a lame excuse, but it is true. I also started doing these as very long form, and with the Hands On Series especially, it became a rather involved effort.
I have re-organized my schedule in the last several weeks and am on course to start recording at least every two weeks. These will be generally shorter, but will be very focused on a topic and just jump right into content.
Keep watching!
I know, I know. WordPress 2.6 really broke podPress support.
I am working on a new version of podPress to deal with this; it’s in testing on my dev site and I hope to have it out by the end of the coming weekend.
Here is a temp fix that may work for you.
In your wp-config.php file add this line:
define('WP_POST_REVISIONS', 0);
The way WordPress now stores revisions of changes (nice feature) ends up causing podPress settings to get out of sync with the latest post content. There are a number of other problems, but that at least should get you up and running while you await the podPress update.
Finally, this podPress update is NOT just for 2.6 support. It’s a very large redesign to the codebase which is making it possible for the ports of podPress to Drupal and Joomla in the near future.
My 3rd grade son did this awesome animation using Stickman, so I have to show it off.
My buddy rsnake over at Ha.ckers.org posted a report from Larry Suto about tests he performed on web application scanners, comparing how well they cover a web application’s code base.
The report is interesting on many fronts, one of which is the fact that the tool I help build at NT OBJECTives came out on top, but also because it’s the first type of review that’s looking at a statistic that really compares scanners in a quantifiable way.
Some comments on the site from users of the other products or from the vendors themselves have made the claim that web scanners are not designed to be “point and shoot” as they say, and that a human should be training the scanner to each web app. I think they are doing users a disservice to work from that assumption.
A scanner should do as much as it can on its own, and let humans do their own pen testing, and/or help point pen testers to areas of interest. If you’re an organization with hundreds or thousands of web apps that need testing, do you really have the manpower to teach your “automated web scanner” how to test each of those apps?
Do you really have time to spend clicking on every link, and filling out every form on a website with some 3000+ pages, or do you want the scanner that does the best job of doing all of this for you?
For all the details, check out the changelog but this is one release that cleans up a ton of mess and adds in support for full integration with the Podango API.
There’s still a few tiny features I want to add in, but it’s in good shape, and I need sleep so I can run off to the Podcast Expo in a few hours.
UPDATE - Bug in this version… of course, so hang on for next release due out in a few hours
As many of you have seen, I have a “Hackme” site set up to go along with my podcast, and specifically for the Hands On Series podcasts. Well, the current king of Web App Security blogging has set up a couple hacker challenges on his site. The ones on my site are really focused toward teaching; the ones on ha.ckers.org are set up for the fun, challenge and bragging rights.
I have had the misfortune of being completely swamped in work during the start of these last two, but when the third is up, I’m cleaning my calendar, turning off cell phones and ignoring any unnecessary chats so I can beat it as quickly as possible and get listed in the top ten. Knowing rSnake, I may decide to put together a small MightySeek team to work together to increase our chances, but I will see how it plays out.
Go have fun, and test your skills
Btw, #2 had a logic flaw which really opens up the next one to additional scrutiny to see what’s possible to find during the next one.
There’s been a lot of discussion lately about an issue that’s near and dear to my heart. The capabilities and of web application security scanning is something I have been living and breathing for about 5 years with NT OBJECTives. At NTO I lead the development and research teams involved in building our own scanner called NTOSpider, and have been trying to increase what is possible to test for in an automated tool.
This is a really difficult and challenging issue, with a bunch of issues that are fuzzy at best. I have high hopes for the WASSEC Project that’s being hosted by the Web Application Security Consortium, because it’s going to bring a bunch of us from the app sec tool vendor space and the web app sec community together to discuss the issue and attempt to come up with a good reference document for the ways to evaluate scanners.
I’m curious how we will be able to come up with any consensus, but with any luck and some hard work and compromise I think this could be a turning point to helping public understanding of this issue.
I had a pretty interesting day yesterday.
After being up till close to 2am I woke up at 5:30am, showered and drove to the airport to do my 10am talk at WordCamp 2007.
My flight landed at 8:30am and I was picked up by my old buddy Joe Engo. After a couple wrong turns we finally got to the event location at 9:30 in time to get set up.
I finally had a chance to meet Matt Mullenweg, and was thoroughly impressed; this is one young man to watch. To think that at 23, he’s at the head of a project that’s impacted so many people, and has gained so much interest and respect, and has managed to build a business model around an open sourced app… no easy feat.
So then it sets in. I’m the opening presenter to this conference… I’ve really been too busy to have thought much about my talk at WordCamp the preceding couple of weeks because work has been crazy busy. But standing there getting set up to open the conference I got a bit nervous. It’s also been a couple years since doing one of these types of things, so I really started feeling completely unprepared.
Matt introduces me and I ask the audience a few questions about who’s familiar with podcasting (everyone) and how many podcasters are out there (a few). Well, this kind of took some thunder out of my slides intended to be used to help explain podcasting basics. I had to think quick to adjust my talk and explain my views of how I feel podcasting to be a little more personal and blah blah. Was a bit of a slow start.
So I figured I could launch into the stuff about podPress and show off the features and talk some praise of WordPress, which I started… and then the Internet connection went dead. Just as I was starting to feel a little comfortable…
With some quick action by the Automattic team I got back online and was quickly followed by the audience and was able to start cracking some lame jokes and getting into a groove about podPress, podcasting and WordPress.
Even with the slow start, I felt like I was finally able to connect and coherently discuss some of the things I am passionate about, and hopefully show how easy it is to get into podcasting, the cool features of podPress and the amazing platform WordPress provided that enabled me to create the feature set. The talk was video taped, so as soon as I get a copy of the video I will be adding the media to this post so it will end up in my feed as a video podcast.
As soon as my talk was over, I chatted with a few people in the lobby for about half an hour, and then headed to the airport to get back home. Next year, as a speaker or not, I’m going to make sure to plan better so I can stay for the entire weekend.
Update: The video is now available.
Thanks to the generous sponsorship of Podango the MightySeek/podPress forums are back online!
