Andres,
> Something that I forgot to mention, and is one of the most important
> features (it's simple, but VERY powerful) that I'm going to code
> whenever I've got some minutes is a "report false positive" / "report
> false negative" button in the GUI, just below the vulnerability
> description, that will allow users to fill a form with a detailed
> description about WHY the request/response pair is a false positive /
> false negative. This simple form will give the project MUCH more
> feedback from the users, and if implemented right... it will ease up
> the transition from user to small time contributor.
>
> Of course... I'll need an "HTML obfuscator" or something like that, so
> users will actually send the html responses without having the idea
> that I'm identifying which pages they are scanning. This is the
> hardest part!
>
> Cheers,

I think that is a great idea! The easiest way to get it started would be to allow the user to obfuscate the data sent, but you run the risk of them removing the valuable information too I guess.

Would it also be feasible to allow the user to flag and remove the Vuln from the interface and report if it is found to be a false positive?

-Brad

_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users
