Andres, >> Now time for WAVSEP! :) > > That's AWESOME news! I've just reviewed what WAVSEP has for XSS, and > the ideal thing would be to make sure we pass all tests inside these > directories: > > RXSS-Detection-Evaluation-COOKIE-Experimental > RXSS-Detection-Evaluation-GET > RXSS-Detection-Evaluation-GET-Experimental > RXSS-Detection-Evaluation-POST > RXSS-Detection-Evaluation-POST-Experimental > RXSS-FalsePositives-GET > > In the best case scenario we would have one test for each test case > (note there are many inside each directory). That way we would know > exactly which case fails if we break something.
Currently w3af with new XSS plugin have found 42 XSS vulnerabilities in http://localhost:8080/wavsep/active/index-xss.jsp Now I am trying to find out what is passed. I will write unit tests for it. -- Taras http://oxdef.info GPG: C8D1F510 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
