Andres,

That sounds like a good idea but wouldn't the char limitation prevent the input 
of the full error?

Stephan 

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Andres Riancho
Sent: Wednesday, February 10, 2010 7:51 AM
To: [email protected]
Subject: [W3af-users] Web application error contest

List,

    I've been thinking about innovative ways to get my hands on more error 
messages, and after some thinking I decided to let you guys know about my idea 
with the objective of getting criticism and feedback:

- As you guys know, many of the plugins depend on detecting error messages. For 
example, the SQL injection detection simply sends d'z"0 to each parameter, and 
if the response matches against the regular expression "You have an error in 
your SQL syntax" then you have a SQL injection.

- The power of most of those plugins resides in having a BIG and complete 
database.

- Collecting new database entries is difficult

- The community should have an easy way to contribute

- I thought about running a contest where players are going to send new error 
messages using Twitter. The format of the messages should be something like 
"#w3af_error_contest SQL INJECTION <error_message_here>". I would create a 
small script to read from Twitter and keep track of who is winning (the guy 
that sent more error messages).

- In order to avoid cheating, if a user submits an error message that is 
already in w3af or was submitted by another user: you get no points.

- The winner gets some decent amount of money via PayPal (200USD ?)

    If the contest is a success, it will also be good marketing for the w3af 
project, as many users will be tweeting about w3af! What do you guys think? Any 
new ideas, feedback?

Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, 
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW 
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
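
The scoring rules described in the proposal above, as an added example that is not part of the original thread or of w3af. The function names, the `KNOWN_ERRORS` set and the sample tweets are assumptions constructed for illustration; fetching from Twitter is left out so the sketch runs offline.

```python
from collections import Counter

TAG = "#w3af_error_contest"
CATEGORIES = ("SQL INJECTION",)  # the only class named in the post; extend as needed
# Constructed stand-in for the error strings already shipped in w3af.
KNOWN_ERRORS = {"You have an error in your SQL syntax"}

def parse(text):
    """Return (category, message) for a well-formed submission, else None."""
    parts = text.strip().split(None, 1)
    if len(parts) != 2 or parts[0] != TAG:
        return None
    rest = parts[1]
    for cat in CATEGORIES:
        if rest.startswith(cat + " "):
            msg = rest[len(cat):].strip()
            return (cat, msg) if msg else None
    return None

def normalize(msg):
    """Collapse whitespace and case so trivially altered copies count as duplicates."""
    return " ".join(msg.split()).casefold()

def score(tweets, known=KNOWN_ERRORS):
    """tweets: (user, text) pairs in arrival order. Returns a Counter of points."""
    seen = {normalize(m) for m in known}
    points = Counter()
    for user, text in tweets:
        parsed = parse(text)
        if parsed is None:
            continue  # not in the contest format
        key = normalize(parsed[1])
        if key in seen:
            continue  # already in w3af or submitted earlier: no points
        seen.add(key)
        points[user] += 1
    return points

# Constructed sample submissions (hypothetical users).
SAMPLE_TWEETS = [
    ("alice", "#w3af_error_contest SQL INJECTION You have an error in your SQL syntax"),
    ("alice", "#w3af_error_contest SQL INJECTION ORA-00933: SQL command not properly ended"),
    ("bob", "#w3af_error_contest SQL INJECTION ora-00933: SQL command  not properly ended"),
    ("bob", "#w3af_error_contest SQL INJECTION Unclosed quotation mark after the character string"),
    ("bob", "#w3af_error_contest SQL INJECTION Incorrect syntax near"),
    ("carol", "check out #w3af_error_contest!"),
]

if __name__ == "__main__":
    print(score(SAMPLE_TWEETS).most_common())
```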
