Taras,

On Wed, Feb 9, 2011 at 1:00 PM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> I just want to say that I have already made a simple falsePositiveManager for
> w3af.
> It has a falsePositiveFile (regex patterns) option in miscSettings. It can
> simply test a URL against a pattern like this:
>   ...
>   app = falsePositiveManager()
>   app.loadFromList(self.patterns)
>   ...
>   self.assertFalse(app.isFalsePositive(goodTarget))
>   ...
>
> It can be used in output plugins (it was originally made for that).
> In the near future I will add it to the trunk.
> Andres, don't you mind?

I would like to better understand what it does, how it works, etc.
Could you please create a branch, apply your patch, and let us know
the name of the branch so we can play with it? Thanks!

>> 1. What do you think about simple false-positive management in w3af?
>> For example, we can add the capability to read a list of regex patterns from a
>> special file and test them against a request before it is reported. It
>> can be useful in automated usage (scan+reporting) of w3af.
>
>
> --
> Taras <ox...@oxdef.info>
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
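
A sketch of the kind of regex-based false-positive filter discussed in this thread, added here as an illustration; it is not Taras's falsePositiveManager or any w3af code. The class and method names, the sample patterns and the URLs are all assumptions.

```python
import re

class FalsePositiveFilter:
    """Hypothetical URL suppression list; not w3af's falsePositiveManager."""

    def __init__(self):
        self._patterns = []  # compiled regexes, in load order
        self.rejected = []   # (line_number, text, error) for invalid patterns

    def load_patterns(self, lines):
        """Load one regex per line; blank lines and '#' comments are skipped."""
        for number, raw in enumerate(lines, start=1):
            text = raw.strip()
            if not text or text.startswith("#"):
                continue
            try:
                self._patterns.append(re.compile(text))
            except re.error as exc:
                # A broken pattern is recorded instead of aborting the load.
                self.rejected.append((number, text, str(exc)))

    def matching_pattern(self, url):
        """Return the text of the first pattern found in url, or None."""
        for pattern in self._patterns:
            if pattern.search(url):
                return pattern.pattern
        return None

    def split_findings(self, findings):
        """Split (name, url) findings into reported and suppressed lists."""
        reported, suppressed = [], []
        for name, url in findings:
            hit = self.matching_pattern(url)
            if hit is None:
                reported.append((name, url))
            else:
                # Keep the pattern so every suppression stays auditable.
                suppressed.append((name, url, hit))
        return reported, suppressed

# Constructed sample data (patterns as they might appear in a pattern file).
SAMPLE_PATTERNS = ["# noisy endpoints", r"^https?://example\.test/static/",
                   r"[?&]debug=", r"(unclosed"]
SAMPLE_FINDINGS = [("xss", "http://example.test/static/app.js?x=1"),
                   ("sqli", "http://example.test/item?id=1"),
                   ("xss", "http://example.test/search?q=a&debug=1")]

if __name__ == "__main__":
    flt = FalsePositiveFilter()
    flt.load_patterns(SAMPLE_PATTERNS)
    print(flt.split_findings(SAMPLE_FINDINGS), flt.rejected)
```

Because `search` is used, an unanchored pattern matches anywhere in the URL, so patterns meant to cover one path should be anchored with `^`.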
