List,
I've been thinking about innovative ways to get my hands on more
error messages, and after some thinking I decided to let you guys know
about my idea with the objective of getting criticism and feedback:
- As you guys know, many of the plugins depend on detecting error
messages. For example, the SQL injection detection simply sends d'z"0
to each parameter, and if the response matches against the regular
expression "You have an error in your SQL syntax" then you have a SQL
injection.
- The power of most of those plugins resides in having a BIG and
complete database.
- Collecting new database entries is difficult.
- The community should have an easy way to contribute
- I thought about running a contest where players are going to send
new error messages using Twitter. The format of the messages should be
something like "#w3af_error_contest SQL INJECTION
<error_message_here>". I would create a small script to read from
Twitter and keep track of who is winning (the guy that sent the most
error messages).
- In order to avoid cheating, if a user submits an error message that
is already in w3af or was submitted by another user: you get no
points.
- The winner gets some decent amount of money via PayPal (200 USD?).
If the contest is a success, it will also be good marketing for
the w3af project, as many users will be tweeting about w3af! What do
you guys think? Any new ideas, feedback?
Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users
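
The scoring rule proposed in the message above, as an added example that is not part of the original post or of w3af's code. The names score, normalize, KNOWN and CATEGORIES are hypothetical, the submissions are constructed, and treating case and whitespace variants as duplicates is an assumption the post does not specify.

```python
import re
from collections import Counter

# Stand-in for the error strings w3af already ships (only the one the post quotes).
KNOWN = {"sql injection": ["You have an error in your SQL syntax"]}

# Tweet format from the post: "#w3af_error_contest SQL INJECTION <error_message_here>"
CATEGORIES = ("SQL INJECTION",)  # hypothetical list; the post names only this one
TWEET_RE = re.compile(
    r"^\s*#w3af_error_contest\s+(?P<cat>%s)\s+(?P<msg>.+?)\s*$"
    % "|".join(r"\s+".join(map(re.escape, c.split())) for c in CATEGORIES),
    re.IGNORECASE | re.DOTALL,
)

def normalize(text):
    """Collapse whitespace and case so trivial variants count as duplicates."""
    return " ".join(text.split()).lower()

def score(tweets, known=KNOWN):
    """tweets: (user, text) pairs in posting order. Returns (Counter, accepted)."""
    seen = {cat: {normalize(m) for m in msgs} for cat, msgs in known.items()}
    board, accepted = Counter(), {}
    for user, text in tweets:
        match = TWEET_RE.match(text)
        if not match:
            continue  # not a contest submission
        cat = normalize(match.group("cat"))
        key = normalize(match.group("msg"))
        if key in seen.setdefault(cat, set()):
            continue  # already in w3af or already submitted: no points
        seen[cat].add(key)
        accepted.setdefault(cat, []).append(match.group("msg"))
        board[user] += 1
    return board, accepted

# Constructed sample submissions, not real tweets.
SAMPLE = [
    ("alice", "#w3af_error_contest SQL INJECTION Unclosed quotation mark after the character string"),
    ("bob", "#w3af_error_contest SQL INJECTION You have an error in your SQL syntax"),
    ("bob", "#w3af_error_contest SQL INJECTION unclosed  quotation mark after the character string"),
    ("carol", "just chatting about w3af"),
    ("bob", "#w3af_error_contest SQL INJECTION ORA-00933: SQL command not properly ended"),
    ("alice", "#w3af_error_contest SQL INJECTION supplied argument is not a valid MySQL result"),
]

if __name__ == "__main__":
    for user, points in score(SAMPLE)[0].most_common():
        print(user, points)
```
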