Difference between revisions of "Category:OWASP AntiSamy Project"

From OWASP
Jump to: navigation, search
m (What is it?)
Line 1: Line 1:
== What is it? ==
+
== Modelo de Auditoría de sistemas:  ==
  
The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in compliance within an application's rules. Another way of saying that could be: It's an API that helps you make sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc., that get persisted on the server. The term "malicious code" in regards to web applications usually mean "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However, there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that too.
+
Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.  
  
Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism and user have a communication that is virtually one way, for good reason. Letting the potential attacker know details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an attacker could launch a brute force attack or massive account lock denial-of-service. We get that.
+
#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.  
 +
#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
 +
#Filtro Web: Previene intrusiones a través de puertos inseguros
 +
#Clam Antivirus: Previene, detecta y corrige virus informático
  
Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web. Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed users go somewhere else to do their social networking.
+
<br>
  
The [[OWASP_Licenses|OWASP licensing policy]] (further explained in the [[Membership|membership FAQ]]) allows OWASP projects to be released under any [http://www.opensource.org/licenses/alphabetical approved open source license]. Under these guidelines, AntiSamy is distributed under a [http://www.opensource.org/licenses/bsd-license.php BSD license].
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 +
|-
 +
| Clam Antivirus
 +
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 +
|-
 +
| Filtro Web
 +
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 +
|-
 +
| OpenVAS
 +
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
 +
|-
 +
| Sistema de Cifrado Congelado
 +
|}
  
== Who are you? ==
+
|}
  
AntiSamy was originally authored by Arshan Dabirsiaghi (arshan.dabirsiaghi [at the] gmail.com) with help from Jason Li (li.jason.c [at the] gmail.com), both of Aspect Security (http://www.aspectsecurity.com/). The problem AntiSamy solves was often described as "impossible" or "impossible to do right". The folks with the AntiSamy project hope to antiquate that idea in a hurry. As of now, there are Java and .NET implementations of AntiSamy, though the framework is implementable in any language. The Java version is callable from ColdFusion.
+
|}
  
PHP developers should use [http://htmlpurifier.org/ HTMLPurifier], another free utility similar to AntiSamy.
+
|}
  
== What's the difference between AntiSamy Java, .NET, etc.? ==
+
== Descripción softwares de auditoría  ==
  
[[AntiSamy Version Differences|This page]] shows a big-picture comparison between the versions. Since it's an unfunded open source project, the ports can't be expected to mirror functionality exactly. If there's something a port is missing -- let us know, and we'll try to accommodate, or write a patch! 
+
*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
  
== How do I get started? ==
+
*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
  
There's 4 steps in the process of integrating AntiSamy. Each step is detailed in the next section, but the high level overview follows:
+
*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
# Download AntiSamy from [http://code.google.com/p/owaspantisamy/downloads/list its home on Google Code]
+
# Choose one of the standard policy files that matches as close to the functionality you need:
+
#* antisamy-slashdot.xml
+
#* antisamy-ebay.xml
+
#* antisamy-myspace.xml
+
#* antisamy-anythinggoes.xml
+
# Tailor the policy file according to your site's rules
+
# Call the API from the code
+
  
=== Stage 1 - Downloading AntiSamy ===
+
*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
  
The following instructions are for AntiSamy Java, the main version. For instructions on the .NET version, see the .NET page.
+
== Macroinformática  ==
  
Which package you download depends on what you want to do with AntiSamy. If you'd like to extend it or review the code, download the source package. If you're looking to integrate AntiSamy, you can either download the library or use Maven to include it in your build. If you want to use Maven, here's an example POM for including AntiSamy. If you want a jar file, then '''download the antisamy-bin-X.X.X.jar''' (which, before version 1.2 was confusingly called "antisamy-standalone-X.X.X.jar"), which only contains AntiSamy library. This will be the preferred choice for mature enterprise environments who don't want to be caught in classpath issues which may be introduced by the current version.
+
La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
  
The second option versions before 1.2 is '''downloading antisamy-standalone-X.X.X.jar''', which contains not only the AntiSamy code, but all necessary supporting libraries. This should only be used by applications that don't use the libraries AntiSamy ships with as they might introduce classpath and versioning issues.
+
*Transmisión cifrada: Cliente e-mail con GnuPG
  
For convenience, the download page also contains the necessary libraries for running AntiSamy in '''antisamy-required-libs.zip'''.
+
http://fellowship.fsfe.org
  
You can Download AntiSamy from [http://code.google.com/p/owaspantisamy/downloads/list its home on Google Code]
+
*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
  
=== Stage 2 - Choosing a base policy file ===
+
#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
 +
#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
  
Chances are that your site's use case for AntiSamy is at least roughly comparable to one of the predefined policy files. They each represent a "typical" scenario for allowing users to provide HTML (and possibly CSS) formatting information. Let's look into the different policy files:
+
*Ruby: Lenguaje de programación experimental
  
1) antisamy-slashdot.xml
+
http://ruby-lang.org
  
Slashdot (http://www.slashdot.org/) is a techie news site that allows users to respond anonymously to news posts with very limited HTML markup. Now Slashdot is not only one of the coolest sites around, it's also one that's been subject to many different successful attacks. Even more unfortunate is the fact that most of the attacks led users to the infamous goatse.cx picture (please don't go look it up). The rules for Slashdot are fairly strict: users can only submit the following HTML tags and no CSS: &lt;b&gt;, &lt;u&gt;, &lt;i&gt;, &lt;a&gt;, &lt;blockquote&gt;.
+
*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
  
Accordingly, we've built a policy file that allows fairly similar functionality. All text-formatting tags that operate directly on the font, color or emphasis have been allowed.  
+
http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
  
 +
*Escritorio: Gestor de ventanas X11
  
 +
http://windowmaker.info
  
2) antisamy-ebay.xml
+
*Gnuzilla: Navegador seguro y de uso libre
  
eBay (http://www.ebay.com/) is the most popular online auction site in the universe, as far as I can tell. It is a public site so anyone is allowed to post listings with rich HTML content. It's not surprising that given the attractiveness of eBay as a target that it has been subject to a few complex XSS attacks. Listings are allowed to contain much more rich content than, say, Slashdot- so it's attack surface is considerably larger. The following tags appear to be accepted by eBay (they don't publish rules): <a>,...
+
http://code.google.com/p/iceweaselwindows/downloads/list
  
 +
*Gnupdf: Visor de formato de texto universal pdf
  
 +
http://blog.kowalczyk.info/software/sumatrapdf
  
3) antisamy-myspace.xml
+
*Gnuflash: Jugador alternativo a flash player
  
MySpace (http://www.myspace.com/) is arguably the most popular social networking site today. Users are allowed to submit pretty much all HTML and CSS they want - as long as it doesn't contain JavaScript. MySpace is currently using a word blacklist to validate users' HTML, which is why they were subject to the infamous Samy worm (http://namb.la/). The Samy worm, which used fragmentation attacks combined with a word that should have been blacklisted (eval) - was the inspiration for the project.
+
http://gnu.org/software/gnash
  
 +
*Zinf: Reproductor de audio
  
4) antisamy-anythinggoes.xml
+
http://zinf.org
  
I don't know of a possible use case for this policy file. If you wanted to allow every single valid HTML and CSS element (but without JavaScript or blatant CSS-related phishing attacks), you can use this policy file. Not even MySpace is _this_ crazy. However, it does serve as a good reference because it contains base rules for every element, so you can use it as a knowledge base when using tailoring the other policy files.
+
*Informática forense: Análisis de datos ocultos en el disco duro
  
 +
http://sleuthkit.org
  
 +
*Compresor: Comprime datos sobreescribiendo bytes repetidos
  
=== Stage 3 - Tailoring the policy file ===
+
http://peazip.sourceforge.net
  
Smaller organizations may want to deploy AntiSamy in a default configuration, but it's equally likely that a site may want to have strict, business-driven rules for what users can allow. The discussion that decides the tailoring should also consider attack surface - which grows in relative proportion to the policy file.
+
*Ftp: Gestor de descarga de archivos
  
You may also want to enable/modify some "directives", which are basically advanced user options. [[AntiSamy Directives|This page]] tells you what the directives are and which versions support them.
+
http://dfast.sourceforge.net
  
=== Stage 4 - Calling the AntiSamy API ===
+
*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
  
Using AntiSamy is abnormally easy. Here is an example of invoking AntiSamy with a policy file:
+
http://psmantikeyloger.sourceforge.net
  
<code><pre>import org.owasp.validator.html.*;
+
*Password manager: Gestión de contraseñas
  
Policy policy = Policy.getInstance(POLICY_FILE_LOCATION);
+
http://passwordsafe.sourceforge.net
  
AntiSamy as = new AntiSamy();
+
*Limpiador de disco: Borra archivos innecesrios del sistema
CleanResults cr = as.scan(dirtyInput, policy);
+
  
MyUserDAO.storeUserProfile(cr.getCleanHTML()); // some custom function
+
http://bleachbit.sourceforge.net
</pre></code>
+
  
There are a few ways to create a Policy object. The <code>getInstance()</code> method can take any of the following:
+
*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
* a String filename
+
* a File object
+
* an InputStream
+
  
Policy files can also be referenced by filename by passing a second argument to the <code>AntiSamy:scan()</code> method as the following examples show.:
+
http://kessels.com/jkdefrag
  
<code><pre>AntiSamy as = new AntiSamy();
+
*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
CleanResults cr = as.scan(dirtyInput, policyFilePath);</pre></code>
+
  
Finally, policy files can also be referenced by File objects directly in the second parameter:
+
http://bb4win.org
  
<code><pre>AntiSamy as = new AntiSamy();
+
*Open Hardware: Hardware construído por la comunidad Linux
CleanResults cr = as.scan(dirtyInput, new File(policyFilePath));</pre></code>
+
  
=== Stage 5 - Analyzing CleanResults ===
+
http://open-pc.com
  
The CleanResults object provides a lot of useful stuff.
+
*Open WRT: Firmware libre para configurar transmisión de Internet
  
<code>getErrorMessages()</code> - a list of <code>String</code> error messages
+
http://openwrt.org
  
<code>getCleanHTML()</code> - the clean, safe HTML output
+
*Gnu- Linux: Sistema operativo universal
  
<code>getCleanXMLDocumentFragment()</code> - the clean, safe <code>XMLDocumentFragment</code> which is reflected in <code>getCleanHTML()</code>
+
http://gnewsense.org
  
<code>getScanTime()</code> - returns the scan time in seconds
+
== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.
  
== Project roadmap ==
+
Implementación de la biocriptoseguridad informática:
  
This section details the status of the various ports of AntiSamy.
+
#Amplificar la banda ancha
 +
#Optimizar (limpiar- modificar) el sistema operativo
 +
#Desfragmentar los discos lógicos
 +
#Ocultar el sistema operativo
 +
#Configurar antivirus
 +
#Limpiar y desfragmentar
 +
#Congelar
  
=== Grails ===
+
*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
Daniel Bower created a [http://www.grails.org/plugin/sanitizer Grails plugin] for AntiSamy.
+
  
=== .NET ===
+
*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
A .NET port of AntiSamy is available now at the [[:Category:OWASP AntiSamy Project .NET|OWASP AntiSamy .NET]] page. The project was funded by a Summer of Code 2008 grant and was developed by Jerry Hoff.  
+
  
This port is no longer under active development, and is looking for a few good developers to help make it feature-synchronized with the .NET version. If it doesn't suit your needs, consider Microsoft's [http://blogs.msdn.com/b/securitytools/archive/2009/09/01/html-sanitization-in-anti-xss-library.aspx AntiXSS] library.
+
*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
  
=== Python ===
+
Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
A beta Python version is currently being prototyped by a few different groups. As more information becomes available, we will post it here. If you are interested in helping, please contact the mailing list.
+
  
=== PHP ===
+
*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)
Although a PHP version was initially planned, we now suggest [http://htmlpurifier.org HTMLPurifier] for safe rich input validation for PHP applications.
+
*http://sourceforge.net/projects/lethe (para GNU/Linux)
  
== Presentations on AntiSamy ==
+
<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:
  
From OWASP & WASC AppSec U.S. 2007 Conference (San Jose, CA): [http://www.owasp.org/images/e/e9/OWASP-WASCAppSec2007SanJose_AntiSamy.ppt AntiSamy - Picking a Fight with XSS (ppt)] - by Arshan Dabirsiaghi - AntiSamy project lead
+
*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
  
From OWASP AppSec Europe 2008 (Ghent, Belgium): [http://www.owasp.org/images/4/47/AppSecEU08-AntiSamy.ppt The OWASP AntiSamy project (ppt)] - by Jason Li - AntiSamy project contributor
+
*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
  
From OWASP AppSec India 2008 (Delhi, India): [https://www.owasp.org/images/9/9d/AppSecIN08-ValidatingRichUserContent.ppt Validating Rich User Content (ppt)] - by Jason Li - AntiSamy project contributor
+
*Red protegida: DNS libre http://namespace.org/switch
  
From Shmoocon 2009 (Washington, DC): [http://www.shmoocon.org/2009/slides/OWASP%20Winter%202009%20Shmoocon%20-%20Anti%20Samy.pptx AntiSamy - Picking a Fight with XSS (pptx)] - by Arshan Dabirsiaghi - AntiSamy project lead
+
*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
  
== Contacting us ==
+
*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
There are two ways of getting information on AntiSamy. The mailing list, and contacting the project lead directly.
+
  
=== OWASP AntiSamy mailing list ===
+
Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
The first is the mailing list which is located at https://lists.owasp.org/mailman/listinfo/owasp-antisamy. The list was previously private and the archives have been cleared with the release of version 1.0. We encourage all prospective and current users and bored attackers to join in the conversation. We're happy to brainstorm attack scenarios, discuss regular expressions and help with integration.
+
 
+
=== Emailing the project lead ===
+
 
+
For content which is not appropriate for the public mailing list, you can alternatively contact the project lead, Arshan Dabirsiaghi, at [arshan.dabirsiaghi] at [aspectsecurity.com].
+
 
+
=== Issue tracking ===
+
 
+
Visit the [http://code.google.com/p/owaspantisamy/issues/list Google Code issue tracker].
+
 
+
== Sponsors ==
+
 
+
The initial Java project was sponsored by the [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]]. The .NET project was sponsored by the [[OWASP Summer of Code 2008]]
+
 
+
== Project's Assessment ==
+
 
+
This project was assessed by [[:User:Jeff Williams|Jeff Williams]] and his evaluation can be seen [http://spreadsheets.google.com/ccc?key=pAX6n7m2zaTW-JtGBqixbTw '''here'''].
+
 
+
[[Category:OWASP Project|AntiSamy Project]]
+
[[Category:OWASP Tool]]
+
[[Category:OWASP Download]]
+
[[Category:OWASP Release Quality Tool]]
+

Revision as of 16:26, 7 February 2011

Modelo de Auditoría de sistemas:

Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.

  1. Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
  2. OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
  3. Filtro Web: Previene intrusiones a través de puertos inseguros
  4. Clam Antivirus: Previene, detecta y corrige virus informático


Clam Antivirus
Filtro Web
OpenVAS
Sistema de Cifrado Congelado

Descripción softwares de auditoría

  • El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
  • Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
  • El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.

Macroinformática

La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:

  • Transmisión cifrada: Cliente e-mail con GnuPG

http://fellowship.fsfe.org

  • Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
  1. ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
  2. http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
  • Ruby: Lenguaje de programación experimental

http://ruby-lang.org

  • J2re1.3.1_20: Ejecutable de objetos interactivos o applets

http://java.sun.com/products/archive/j2se/1.3.1_20/index.html

  • Escritorio: Gestor de ventanas X11

http://windowmaker.info

  • Gnuzilla: Navegador seguro y de uso libre

http://code.google.com/p/iceweaselwindows/downloads/list

  • Gnupdf: Visor de formato de texto universal pdf

http://blog.kowalczyk.info/software/sumatrapdf

  • Gnuflash: Jugador alternativo a flash player

http://gnu.org/software/gnash

  • Zinf: Reproductor de audio

http://zinf.org

  • Informática forense: Análisis de datos ocultos en el disco duro

http://sleuthkit.org

  • Compresor: Comprime datos sobreescribiendo bytes repetidos

http://peazip.sourceforge.net

  • Ftp: Gestor de descarga de archivos

http://dfast.sourceforge.net

  • AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)

http://psmantikeyloger.sourceforge.net

  • Password manager: Gestión de contraseñas

http://passwordsafe.sourceforge.net

  • Limpiador de disco: Borra archivos innecesrios del sistema

http://bleachbit.sourceforge.net

  • Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual

http://kessels.com/jkdefrag

  • X11: Gestor de ventanas, reemplazo de escritorio Xwindow's

http://bb4win.org

  • Open Hardware: Hardware construído por la comunidad Linux

http://open-pc.com

  • Open WRT: Firmware libre para configurar transmisión de Internet

http://openwrt.org

  • Gnu- Linux: Sistema operativo universal

http://gnewsense.org

== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.

Implementación de la biocriptoseguridad informática:

  1. Amplificar la banda ancha
  2. Optimizar (limpiar- modificar) el sistema operativo
  3. Desfragmentar los discos lógicos
  4. Ocultar el sistema operativo
  5. Configurar antivirus
  6. Limpiar y desfragmentar
  7. Congelar
  • Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
  • Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
  • Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.

Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware


Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:

  • Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org

Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.

Subcategories

This category has the following 2 subcategories, out of 2 total.