The Journey to Nerine
As I sit to write this post I realize it's been a little over a year since I blogged. It's for good reason though: I've been heads down writing a lot of code and it's been quite the journey. Let's take a quick look at the last year in the life of LCI Security Ventures.
Web Application Starter Pack
About nine months ago, I released Web Application Starter Pack, which is a simple framework for creating secure Go-based web applications. I am a firm believer in using go test to validate my Go applications and wanted to make it easy for others to do the same, so I added tests for all of WASP's core functionality. The tests are simple text files that use a domain-specific language to describe requests and their expected responses. The basic idea comes from webtest, which is itself based on an internal Golang testing tool. I quickly learned that I needed additional functionality to handle cookies between requests and to support testing HTTPS web applications, so I wrote my own version of webtest to do exactly that.
A New Web Application
The reason I wrote WASP was to make it easier for me to write other web applications, including the appropriate tests. As I started writing my new web app, I again found myself needing testing features that weren't present in my fork of webtest. As I set about adding those features, I realized what I needed would be useful to other web developers as well, not just those using go test. In the end, I ended up with a server-agnostic, static web application testing tool that uses a DSL similar to the one in webtest but that is more consistent and extensible. In addition, the new tool has functionality to extract data from web responses to be reused in other tests.
Unfettered Capitalism
While I've made a lot of contributions to the open source ecosystem over the years and will continue to do so, I decided this tool should be something I sell. I started looking at platforms to sell digital products and realized they all wanted to take a 30% cut of sales. I'm all for paying a fair price for a good service, but this felt like usury, so I started with WASP and a Stripe account and built my own platform for selling my software, complete with proper web application tests. Now I have a simple way to sell and license my web application testing tool, Nerine.
Nerine
Nerine is a static web application testing tool that allows you to send a pre-defined web request and verify the response matches your expectations. Nerine executes test scripts, which are composed of one or more test cases that are executed sequentially. With each test case you can modify the request, compare the response to what you expect, and extract data from the response to use in subsequent test cases. Nerine comes in three flavors, Personal, Professional, and Enterprise, which are distinguished by how they can be used. You can learn more about Nerine, purchase a license, and download the manual at our development site.
LCISec Development
Like I said, the past year has been a journey and the path has led me to starting a development arm of LCI Security Ventures, LLC. Following the Unix Philosophy of making tools that do one thing well, my goal is to build practical, affordable security tools for individuals, consultants, and enterprises. Take a look at Nerine and if it seems like it can meet your needs, purchase a copy and let us know how you are using it. If you really like it, tell other security practitioners and help me build a sustainable business, one satisfied customer at a time.