Taras,
On Wed, Feb 9, 2011 at 1:00 PM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> I just want to say that I have already made simple falsePositiveManager for
> w3af.
> It has falsePositiveFile (regex patterns) option in miscSettings. Simply it
> can test URL against pattern like this:
> ...
> app = falsePositiveManager()
> app.loadFromList(self.patterns)
> ...
> self.assertFalse(app.isFalsePositive(goodTarget))
> ...
>
> It can be used in output plugins (it is originally made for it).
> In the nearest I will add it to the trunk.
> Andres, don't you mind?
>
>> 1. What do you think about simple false-positive management in w3af?
>> For example, we can add capability to read list of regex patterns from
>> special file and test them against request before it will be reported. It
>> can be useful in automated usage
> (scan+reporting) of w3af.
I've read through your implementation which is available here [0]. I
like the idea, but also think that we could do something better using
the framework's features. What do you think about this idea:
* Create a new type of plugin (name to be determined)
* Create a false_positive remover plugin
* The false positive remover plugin would somehow hook itself to
every knowledge base write action (save, append methods) and based on
user defined rules, remove the false positives.
* The user defined rules could be saved as the plugin parameter,
and persisted inside the profile (this allows for easy interaction
between two w3af users that share profiles) (this would require us to
write a better wrapper for the "list type" in the GUI to allow easy
access to all user defined rules).
After we finish this initial implementation we could write smarter
plugins that would have "business rules" like: "If there are more than
10 SQL injection vulnerabilities in the KB, create a new vulnerability
that says "you're screwed" " , or something on those lines :P
This subject was discussed by Tasos in one of the mailing lists I'm
subscribed to, but I don't seem to be able to find the link to it.
[0] http://w3af.svn.sourceforge.net/viewvc/w3af?view=revision&revision=4036
>
> --
> Taras <ox...@oxdef.info>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
