Brad,

On Tue, Nov 11, 2008 at 1:13 PM, Brad Causey <[EMAIL PROTECTED]> wrote:
>
>
> Andres,
>
>> Something that I forgot to mention, and is one of the most important
>> features (it's simple, but VERY powerful) that I'm going to code
>> whenever I've got some minutes is a "report false positive" / "report
>> false negative" button in the GUI, just below the vulnerability
>> description, that will allow users to fill a form with a detailed
>> description about WHY the request/response pair is a false positive /
>> false negative. This simple form will give the project MUCH more
>> feedback from the users, and if implemented right... it will ease up
>> the transition from user to small time contributor.
>>
>> Of course... I'll need an "HTML obfuscator" or something like that, so
>> users will actually send the html responses without having the idea
>> that I'm identifying which pages they are scanning. This is the
>> hardest part!
>>
>> Cheers,
>
> I think that is a great idea!
> The easiest way to get it started would be to allow the user to obfuscate
> the data sent, but you run the risk of them removing the valuable
> information too I guess.
>
> Would it also be feasible to allow the user to flag and remove the Vuln from
> the interface and report if it is found to be a false positive?

That's a good idea too =)

> -Brad
>

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users
