Taras wrote: > Andres, > > by the way currently I'm coding context detection logic with tests here [0]. > > [0] https://w3af.svn.sourceforge.net/svnroot/w3af/branches/xss/test.py > >
You may wish to look at how both arachni and ZAP handle this problem, as they both now detect 100% of the XSS part of the WAVSEP benchmark. (I must admit I have some concerns with using REGEX to do the job instead of a real parser for both false positives and false negatives.) Steve -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID E9E996C1 | ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
