List,
I've been watching Marco `embyte` Balduzzi's talk on HTTP
Parameter Pollution [0] where he explains in detail how he developed a
tool to detect this type of vulnerabilities (also documented in this
PDF [1] ) and I wondered if someone was interested in contributing to
the w3af project by writing an audit plugin that would detect this
type of vulnerability! The techniques used in detection seem easy and
the framework provides everything you need. Any volunteers?
[0] http://www.securitytube.net/video/2222
[1] http://media.hacking-lab.com/scs3/scs3_pdf/SCS3_2011_Balduzzi.pdf
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
