[Ssc-dev] Veracode Call and Server Questions
Harlo Holmes
harlo.holmes at gmail.com
Tue May 14 01:05:37 EDT 2013
That's correct. It's running Tornado on top of Lighttpd with couchdb as its
database.
I didn't know that was going to be part of the code review-- there is not
really any front-end to speak of, so I'm not sure if pen testing the web
interface is super conducive at this point because it's bound to change
drastically once we hire a web person for the job.
On May 13, 2013 5:49 PM, "Bryan Nunez" <bryan at witness.org> wrote:
> Hi all,
>
> I had a call with Veracode today and they had a few questions about the
> server set up. I'm not sure if the wiki is up to date since there's been a
> lot of work on the server side.
>
> Is it still basically Python, CouchDB and LighttPD?
>
> The way they work is through automated scans of binaries you upload to the
> service, for the server side they'll do automated penetration testing
> depending on how the server is configured. They charge yearly based on
> project rather than seats and the regular commercial price is between
> $17000 - 15000 for a year's worth of automated testing. Since we're
> nonprofit and open source we should get a pretty good discount though I'm
> not sure if our budget is still enough to cover it in the short term.
>
> Harlo and/or Barbra can you confirm the server config and let me know?
> I'd like to get back to them and see what we can work out.
>
> Thanks,
> Bryan
>
> --
> Bryan Nunez
> Technology Manager
> WITNESS
> +1 (718) 783-2000 x-348
> GPG ID: 54E3286C7C631254
> GPG Fingerprint: 6115 6A41 0F5A 9AA0 67B6 79D8 54E3 286C 7C63 1254
>
> Check out our Human Rights Channel <http://www.youtube.com/humanrights> on
> YouTube
>
> _______________________________________________
> Ssc-dev mailing list
>
> Post: Ssc-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/ssc-dev
>
> To Unsubscribe
> Send email to: Ssc-dev-unsubscribe at lists.mayfirst.org
> Or visit:
> https://lists.mayfirst.org/mailman/options/ssc-dev/harlo.holmes%40gmail.com
>
> You are subscribed as: harlo.holmes at gmail.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/ssc-dev/attachments/20130514/903cb70c/attachment.html>
More information about the Ssc-dev
mailing list