IA Inventory Nightmare, solved?

For the past decade we have faced a reoccurring problem in Information Technology and Information Assurance, this problem is constructing and maintaining an accurate inventory of IT assets.  Most organizations run into trouble when going down the path of creating an inventory of IT assets or a configuration management databases for a few of the following reason:

  • Data models are not clearly defined
  • Data retention and maintenance is not defined
  • Lack of automation in curating data
  • Not leverage existing authoritative sources of data
  • The platform for the inventory is not extensible
  • The platform does not reflect current business processes
  • Data extraction and views are not intuitive
  • Cultural barrier
  • Lack of executive buy in

With that being said I am soliciting anyone that might be interested in developing a proof of concept of an IT asset inventory for automatically curating an inventory of front facing web applications with appropriate contact information. The workflow I have captured so far is shown in the figure below.   The languages that I am looking to advance this POC in is Python for the back end and Javascript for the front end.  If anyone else is interested in contributing to the architecture or the development of the POC please hit me up.

Site Discovery - New Page

Free Burp Suite Tutorials

Saw a post today on reddit for free Burp Suite Tutorials. If  you enter the following promo code REDDIT_FREE_BURP at The New Boston Store you will be able to download the digital content.  The tutorials comes as a 800 MB zip file that decompresses to 1.2 GB of mp4 video files. I’ve started viewing them already and I suggest you have a hypervisor ready to install a test web application on.  The web application they are using to test against in the tutorials so far is bWapp.  If enough people are interested we might start a study group.  Please respond the distribution list if you are interested in the study group.

RingZer0 Team Online CTF


RingZer0 Team  Online CTF doesn’t appear to have a time limit and is available to anyone that would like to play once they register with the site.  A few of us have already started playing and have started scoring points.  I recommend everyone check it out.

RingZer0 Team Online CTF