whoisjoe.com

My name is Joe Basirico. I help people build secure software.

Projects

A list of all of the different projects I've developed over the years.

Joe_CMS

This site runs on JoeCMS (the name is still a work in progress), which I wrote after spending weeks trying to get some of the "big" CMSs working. The intent of this CMS is simplicity. You can create new pages easily, link within the site easily and manage a blog easily. You can even make changes to the CSS and templates online (if you're so inclined), you guessed it, easily. For more examples of where this CMS is used, check out Technically Learning, my non-profit to help kids learn science and mathematics, and Katherine Sather's website. If you'd like to give JoeCMS a spin, just send me an e-mail and ask. For more information on getting set up, see the help page.

Technically Learning

Technically Learning was founded over four years ago by a small group of friends tired of complaining about the lack of women and minorities in their fields of Science, Technology, Engineering and Mathematics (STEM). The founders, most of whom are still board members, believed (and still do) that every child, regardless of gender, race or socio-economic background, should have the opportunity to pursue the STEM fields.

By improving the quality of STEM education through fun, exciting and engaging activities, projects and curriculum, we believe that more children will choose higher education and pursue careers in these fields.

WikiRater

I created WikiRater as a project to help me create an algorithm to automatically rate the quality of a Wikipedia article. I'd love to be able to request a random, high quality article from Wikipedia, read the top 100 best articles or to help the Wikimedia foundation out by highlighting the bottom 100 articles that need help. If you register and rate articles you'll be helping me do that. Each time you rate an article I'll let you know what WikiRater would have rated, so sign up and join the fun!

SuperSecureBank

SuperSecureBank is very much a fictional online bank. Any resemblance to any other bank is purely coincidental and actually quite regrettable. This website is truly riddled with security vulnerabilities; do not use any aspect of it as an example of how to create a secure online site, and do not reproduce any line of its code in a production system. Ignoring this warning will likely leave your entire website very insecure.

That said, this site is intended to help interested people learn about common web vulnerabilities. Each vulnerability in this system has been seen in the wild in recent history. Together they represent a wide array of issues that hackers and other malicious users may attempt to exploit. Failure to protect yourself against these types of issues could result in anything up to and including complete server compromise and data loss.

WhatTheFuzz

A very basic fuzzer that replicates the "sniper" attack type of Burp Intruder: one insertion point, one payload at a time. WhatTheFuzz needs a source of invalid values. You can create one by adding a bunch of test cases to a text file (one per line), or, better, use FuzzDB, a great resource for exactly that kind of thing. BSD License.
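The sniper idea in working form, as an added example (this is not WhatTheFuzz's code): a single marked insertion point in a URL, a payload list in the one-per-line layout FuzzDB uses, and each response compared against a baseline request so that status changes, size changes and unencoded reflection stand out. The `§` marker, the `fuzzbase` baseline value, the payload list and the in-memory `fake_target` are all assumptions made for this example; `http_send` is the sender you would plug in against a live target.

```python
"""Sniper-style fuzzing in the spirit of WhatTheFuzz: one insertion point, one
payload at a time, each response compared against a baseline. Added example,
not WhatTheFuzz's own code; the marker, the baseline value and the target are
all assumptions made here."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple
from urllib.parse import parse_qs, quote, urlparse

MARKER = "\u00a7"            # '§', the insertion-point marker Burp Intruder uses
BASELINE_VALUE = "fuzzbase"  # benign value used to establish normal behaviour

Sender = Callable[[str], Tuple[int, str]]  # url -> (status, body)


@dataclass
class Result:
    payload: str
    status: int
    length: int
    interesting: bool


def load_payloads(text: str) -> List[str]:
    """One test case per line, as in a FuzzDB wordlist; blank lines are skipped."""
    return [ln.rstrip("\r\n") for ln in text.splitlines() if ln.strip()]


def is_interesting(payload: str, status: int, body: str,
                   base_status: int, base_len: int, threshold: int) -> bool:
    """Flag responses that differ from the baseline or reflect a metacharacter."""
    if status != base_status:
        return True
    if abs(len(body) - base_len) > threshold:
        return True
    # Payload echoed back verbatim while it carries HTML/SQL metacharacters:
    # the server did not encode it, which deserves a closer look.
    return payload in body and any(c in payload for c in "<>'\"")


def sniper(url_template: str, payloads: Iterable[str], send: Sender,
           threshold: int = 32) -> List[Result]:
    """Replace the single marker with each payload in turn and record the response."""
    if url_template.count(MARKER) != 1:
        raise ValueError("sniper mode needs exactly one insertion marker")
    base_status, base_body = send(url_template.replace(MARKER, quote(BASELINE_VALUE, safe="")))
    results = []
    for p in payloads:
        status, body = send(url_template.replace(MARKER, quote(p, safe="")))
        results.append(Result(p, status, len(body),
                              is_interesting(p, status, body, base_status, len(base_body), threshold)))
    return results


def http_send(url: str) -> Tuple[int, str]:
    """Real sender for live targets (not used by the offline demo below)."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def fake_target(url: str) -> Tuple[int, str]:
    """Constructed stand-in for a web app: reflects q unencoded and chokes on a quote."""
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    if "'" in q:
        return 500, "<h1>Internal Server Error</h1><pre>SQL syntax error near '" + q + "'</pre>"
    if "../" in q:
        return 403, "<h1>Forbidden</h1>"
    return 200, "<h1>Results for " + q + "</h1><p>No matches found.</p>"


# Constructed payload list standing in for a FuzzDB file.
PAYLOAD_FILE = "test\n' OR '1'='1\n<script>alert(1)</script>\n../../../../etc/passwd\n%00\n"


def run_demo() -> List[Result]:
    return sniper("http://target.test/search?q=" + MARKER, load_payloads(PAYLOAD_FILE), fake_target)


if __name__ == "__main__":
    for r in run_demo():
        print(("!! " if r.interesting else "   ") + f"{r.status} {r.length:5d}  {r.payload}")
```

Payloads are URL-encoded before insertion, so `' OR '1'='1` and `%00` travel intact; swap `fake_target` for `http_send` (or any callable returning status and body) to run the same loop against a real endpoint. The baseline uses a harmless value rather than an empty one so that a "please enter a query" page does not make every ordinary payload look anomalous.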

YASAT (Yet Another Static Analysis Tool)

YASAT (Yet Another Static Analysis Tool) is a very basic static analysis tool, really it's less about static analysis and more about running a group of regular expressions on a code base and generating a report on the resulting matches.

I found myself grepping a code base repeatedly and found that I had accumulated a decent set of regexes that I'd use to point me in the right direction during a code review.

I wrote this tool to make that process less painful.

Program Flow

  • YASAT loads any rules it can find in the "Rules" directory and reports the number of rules it found.
  • Select any file in the source directory; YASAT will recursively load every file under that directory and match each one against the rules.
  • Click "Scan for Issues". This step may take a while depending on the number of rules and the number of source files.
  • When YASAT has finished, click the "Generate Report" button to save an HTML version of the issues discovered.
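The whole flow above in code, as an added example (not YASAT itself): rules are read from a rules directory, a source tree is walked recursively, every line is matched against every rule, and the findings are written out as an HTML report. The `name<TAB>regex` rule-file format, the file-extension filter, and the sample rules and source files are assumptions made for this example; the rules are deliberately rough, in the "point me in the right direction" spirit of the tool, not a real rule set.

```python
"""YASAT-style scan: load regex rules from a rules directory, walk a source tree,
match every line against every rule and write an HTML report. Added example,
not YASAT's own code; the rule-file format, the extension filter and the
sample rules and sources are assumptions made here."""
from __future__ import annotations

import html
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Tuple


@dataclass
class Rule:
    name: str
    pattern: re.Pattern


@dataclass
class Finding:
    rule: str
    path: str
    line_no: int
    line: str


def load_rules(rules_dir: Path) -> List[Rule]:
    """Read every *.txt file in the rules directory; one 'name<TAB>regex' per line."""
    rules = []
    for f in sorted(rules_dir.glob("*.txt")):
        for raw in f.read_text().splitlines():
            if not raw.strip() or raw.startswith("#"):
                continue
            name, _, pattern = raw.partition("\t")
            rules.append(Rule(name.strip(), re.compile(pattern.strip())))
    return rules


def scan(src_dir: Path, rules: List[Rule],
         exts: Tuple[str, ...] = (".php", ".cs", ".py", ".js")) -> List[Finding]:
    """Recursively scan source files under src_dir, line by line, against all rules."""
    findings = []
    for path in sorted(src_dir.rglob("*")):
        if not path.is_file() or path.suffix not in exts:
            continue
        rel = path.relative_to(src_dir).as_posix()
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            for r in rules:
                if r.pattern.search(line):
                    findings.append(Finding(r.name, rel, no, line.strip()))
    return findings


def report(findings: List[Finding]) -> str:
    """Matched lines come from the code under review, so escape them: a report that
    pastes source into HTML unescaped is itself exploitable by a planted <script> tag."""
    rows = "\n".join(
        f"<tr><td>{html.escape(f.rule)}</td><td>{html.escape(f.path)}:{f.line_no}</td>"
        f"<td><code>{html.escape(f.line)}</code></td></tr>" for f in findings)
    return ("<html><body><h1>Scan report</h1>"
            f"<p>{len(findings)} matches</p><table>{rows}</table></body></html>")


# Constructed rule file: name, a tab, then the regex.
RULES_TXT = (
    "# example rules, not YASAT's shipped rule set\n"
    "dangerous-eval\t\\beval\\s*\\(\n"
    "php-sql-concat\t(mysql_query|mysqli_query)\\s*\\(.*\\$\n"
    "cs-sql-concat\tSqlCommand\\s*\\(.*\\+\n"
    "hardcoded-secret\t(password|passwd|secret)\\s*=\\s*[\"'][^\"']+[\"']\n"
)

# Constructed source tree; README.md is there to show the extension filter.
SOURCES = {
    "web/login.php": "<?php\n$user = $_GET['u'];\n"
                     "$r = mysql_query(\"SELECT * FROM users WHERE name='\" . $user . \"'\");\n"
                     "eval($_POST['cmd']);\n",
    "app/Db.cs": "var cmd = new SqlCommand(\"SELECT * FROM t WHERE id=\" + id, conn);\n"
                 "string password = \"hunter2\";\n",
    "app/ui.js": "eval(\"<script>\" + userInput);\n",
    "README.md": "Never call eval( on user input.\n",
}


def run_demo() -> Tuple[List[Rule], List[Finding], str]:
    """Lay the constructed rules and sources out on disk, scan, and build the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Rules").mkdir()
        (root / "Rules" / "web.txt").write_text(RULES_TXT)
        for rel, body in SOURCES.items():
            p = root / "src" / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        rules = load_rules(root / "Rules")
        findings = scan(root / "src", rules)
        return rules, findings, report(findings)


if __name__ == "__main__":
    rules, findings, page = run_demo()
    print(f"{len(rules)} rules, {len(findings)} findings")
    for f in findings:
        print(f"{f.rule:18} {f.path}:{f.line_no}  {f.line}")
    Path("report.html").write_text(page)
```

The one detail worth copying into any grep-and-report tool is the `html.escape` in `report`: the matched lines are exactly the untrusted strings a reviewer is hunting for, and the `app/ui.js` sample shows a `<script>` fragment that would otherwise land in the report verbatim.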

RegexMatcher

The RegexMatcher is a simple .NET tool to help you write and verify regular expressions. Simply type the regular expression in the top text box and the text you'd like to match below. If there is no match the window will turn red. If there is a match the window will turn green and the matches and captures will be displayed in the right-hand text box.

If there is an issue with your regular expression you can get help by hovering over the ! icon to the right of the regex textbox.

You can configure the regex engine to match your desired behavior by checking or unchecking the boxes at the top right of the window.

Transform

Transform is an easy-to-use encoder/decoder. It can help to bypass input filters or to verify that values are being properly encoded, and it supports a number of different encoding and hashing types.

Simply type the text you'd like to encode in the top or bottom text boxes, select the encoding or decoding method and click "top to bottom" or "bottom to top" to encode or decode the value.