Taras wrote on 11.11.2009 13:06:

> The example with maxlength is not good.
> Such validation is usually done in JavaScript.
> What should one do in such a situation?
> My point of view is that we do not need to pay so much attention to client-side
> *security* validation because it is not so trivial but at the same time is not
> the main factor in the validation schema.

Look at it the other way around:
  if w3af gives hints about *expected* values for a parameter, you (or even
  w3af) can easily find the unexpected ones.
This has nothing to do with client-side security. We all know that each check
on the client side must be done on the server side also.

So, identifying length limits, hidden values and constants (i.e. select options)
is a good idea and can be fed to a fuzzer plugin to make more sophisticated
tests.
A good example of how to present such results is the ntoinsight crawler.

Does this make sense?
Achim
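As an added illustration of the two points above (not code from w3af or from the thread), the snippet below extracts the hints a form declares (maxlength, hidden values, select options) with Python's stdlib parser and then enforces the same limits server-side, so that values outside the declared set are rejected regardless of any JavaScript check. The form markup is a constructed sample; the field names and values in it are invented.

```python
from html.parser import HTMLParser
# Constructed sample form (not taken from any real site).
SAMPLE_FORM = """
<form action="/profile" method="post">
  <input type="text" name="nick" maxlength="8">
  <input type="hidden" name="uid" value="1042">
  <select name="role">
    <option value="user">User</option><option value="editor">Editor</option>
  </select>
</form>
"""

class FormHintParser(HTMLParser):
    """Collect the hints a form declares: maxlength, hidden values, select options."""
    def __init__(self):
        super().__init__()
        self.hints, self._select = {}, None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values are None when the attribute has no value
        if tag == "input" and a.get("name"):
            hint = self.hints.setdefault(a["name"], {})
            if str(a.get("maxlength", "")).isdigit():
                hint["maxlength"] = int(a["maxlength"])
            if a.get("type") == "hidden":
                hint["fixed"] = a.get("value") or ""
        elif tag == "select" and a.get("name"):
            self._select = a["name"]
            self.hints.setdefault(a["name"], {})["options"] = []
        elif tag == "option" and self._select and a.get("value") is not None:
            self.hints[self._select]["options"].append(a["value"])
    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None

def extract_hints(html):
    """Return {field name: {maxlength / fixed / options}} for the given form HTML."""
    parser = FormHintParser()
    parser.feed(html)
    return parser.hints

def validate(hints, submitted):
    """Server-side enforcement of the same hints; returns the violations found."""
    errors = []
    for name, hint in hints.items():
        value = submitted.get(name, "")
        if "maxlength" in hint and len(value) > hint["maxlength"]:
            errors.append(f"{name}: exceeds maxlength {hint['maxlength']}")
        if "fixed" in hint and value != hint["fixed"]:
            errors.append(f"{name}: hidden value changed")
        if "options" in hint and value not in hint["options"]:
            errors.append(f"{name}: not one of {hint['options']}")
    return errors
```

A request whose fields respect every hint produces an empty violation list; one that exceeds the length limit, alters the hidden value, or chooses a role outside the select options is reported field by field.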


_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop