Security research, news and guidance

So you want to be an Agnitio contributor?

September 9, 2011  |  Written by Security Ninja  |   Application Security, Ninja News and Updates   |   Leave a comment

Hi everyone,

I just wanted to write a quick blog post today about contributing to Agnitio. I always hoped that the project would reach a point where people not only wanted to use it but also wanted to give up some of there own time to make it better.

I have mentioned in a previous post how some people had already been giving up their time to give feedback and code to the project which is great. I’ve seen a lot more people asking if they can help out after I released v2.0 in Las Vegas last month which I’m excited about and it’s why I’m writing this blog post.

I currently have a list of over 50 things myself and others want to see in Agnitio and at the moment I’m making priority calls based on two things; a) What are people asking for the most and b) What can I include in the next release so I can deliver it in a reasonable amount of time. This might not be the optimal approach but at the moment apart from around 50 lines of code contributed by others I’m the only one writing code for Agnitio. As with most open source projects I write this code in my own free time during evenings and weekends so I’m looking for others to help me out now to push the project forward.

Agnitio will keep on getting better with just me writing code but it will be slower, incremental progress rather than big leaps forward which I’d really like to see. I’m open to anyone who feels they could contribute to the project but I would certainly want them to understand the commitment they need to make. In the past year I’ve learned that people can often underestimate the amount of time they need to contribute from their own free time. This is exactly why Agnitio v2.0 didn’t ship with support for non English languages. The people who were tasked with translating content such as Angel Alonso and Tiago Henriques delivered their work on time. I have Spanish and Portuguese checklists and guidance data sitting on my development machine at home right now thanks to those guys. The mistake I made was assigning the UI work needed to support non English languages to someone who in hindsight really didn’t have the desire to commit the time needed to complete the work. As the old saying goes – once bitten, twice shy so don’t be surprised if I only assign small, less important work to people until I’m confident that they can deliver what the project needs.

I don’t have the full list of outstanding work with me right now so I might update this blog post later today with a longer list but some of the tasks that I’d like help on are listed below:

  • Checklists for language specific security checks. Dynamic checklists are something I’d like to include in Agnitio but I need language specific checklists to be contributed for most of the languages that can be selected for an application profile.
  • PDF reports. Agnitio currently creates xml and html reports and I’d also like create PDF reports.
  • Metric graphs. I’d like to include more metrics graphs using other information from the database as well as replacing the currently chart library with something better.

As I said above this is far from a complete list but they are the things that I know I’d like some help with. I’d also like some help from experienced developers because I’m sure my “throw code together to make something happen” approach is going to make some things much more difficult at some point in the future!

If you want to find out more or possibly volunteer then please get in touch via email (securityninja at realexpayments dot com) or Twitter.

SN

This entry was posted on September 9, 2011 at 5:50 pm and is filed under Application Security, Ninja News and Updates . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment

VIDEOS & SLIDESHARES

Look at our latest security Videos & SlideShares

EVENTS & SEMINARS

Upcoming Security Events & Seminars

PODCASTS & DOWNLOADS

Check out our Podcasts & White Papers