Testing

gethead released

Friend and colleague Nathan LaFollette has released a new tool to analyse HTTP headers for security vulnerabilities. It is called gethead. Here is the info from the GitHub page:

gethead

HTTP Header Analysis Vulnerability Tool

View the Project on GitHub: httphacker/gethead

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers.

Usage:

$ python gethead.py http://domain.com

Changelog

Version 0.1 – Initial Release 

  • Written in Python 2.7.5
  • Performs HTTP Header Analysis
  • Reports Header Vulnerabilities

Features in Development

Version 0.2 – Next Release (November 2013 Release) 

  • Support for git updates
  • Support for Python 3.3
  • Complete Header Analysis
  • Additional Logic for Severity Classifications
  • Rank Vulnerabilities by Severity
  • Export Findings with Description, Impact, Execution, Fix, and References
  • Export with multi-format options (XML, HTML, TXT)
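
The kind of check an HTTP header analysis performs, as an added example that is not gethead's code: the header list, the severity labels and the `audit_headers` name are assumptions made here, and the sample headers are constructed.

```python
import re

# Widely recommended protective headers and what their absence allows. This set
# is an assumption of the example, not gethead's actual check list.
PROTECTIVE = {
    "strict-transport-security": "no HSTS: connection can be downgraded to HTTP",
    "content-security-policy": "no CSP: script sources are unrestricted",
    "x-content-type-options": "no nosniff: browser may MIME-sniff responses",
    "x-frame-options": "no framing control: page can be framed (clickjacking)",
}
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def audit_headers(pairs, https=True):
    """Return sorted (severity, header, message) findings for (name, value) pairs."""
    seen, findings = {}, []
    for name, value in pairs:  # header names are case-insensitive and may repeat
        seen.setdefault(name.lower(), []).append(value.strip())
    csp = " ".join(seen.get("content-security-policy", [])).lower()
    for name, risk in PROTECTIVE.items():
        if name == "strict-transport-security" and not https:
            continue  # browsers ignore HSTS received over plain HTTP
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue  # CSP frame-ancestors already controls framing
        if name not in seen:
            findings.append(("medium", name, risk))
    for name in DISCLOSING:
        for value in seen.get(name, []):
            if name != "server" or re.search(r"\d", value):  # flag version digits
                findings.append(("low", name, "discloses software: " + value))
    for cookie in seen.get("set-cookie", []):
        attrs = {a.strip().lower().split("=")[0] for a in cookie.split(";")[1:]}
        wanted = {"httponly", "secure"} if https else {"httponly"}
        missing = sorted(wanted - attrs)
        if missing:
            cname = cookie.split("=", 1)[0].strip()
            findings.append(("medium", "set-cookie", cname + " lacks " + ", ".join(missing)))
    return sorted(findings)

# Constructed sample response headers, not captured from any real site.
SAMPLE = [
    ("Server", "Apache/2.2.15 (CentOS)"),
    ("X-Powered-By", "PHP/5.3.3"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly"),
]

if __name__ == "__main__":
    for severity, header, message in audit_headers(SAMPLE):
        print("[%s] %s: %s" % (severity, header, message))
```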

Development Seed, operating out of their garage. May have been why the ACA site failed so badly

There is an article in the Washington Post outlining how the site got off the ground. You can check it out here.
Judging by the article, it looks like the site was not properly tested. They also talk about all of the components of the site.

It sounds like service virtualization could have been a critical testing component.

I bet they were an agile shop <sarcasm>