[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WAS Test
Guys Yuval Ben-Itzak (now an individual member) is going to help act as custodian to get the Test element complete. I have sent him the last few weeks emails as I fear they may not have got to him. He has this question that I thought I would forward. <snip> Is Rogan's Schema to describe a vulnerability still valid ? or do we use another one. As I did not see a definition for the ComplexType element "sqlInjection" in the file you sent me I thought it probably reference Rogan's schema - am I correct ? </snip> This is where I think the Test element development is. Initial VulnXML DTD defined Some weaknesses identified and styles / approaches to moving forward (calling reusable functions etc) Initial Java execution engine built into WebScarab for POC Plans for a C# engine to show interoperability of signatures Things that I know need to happen before WAS 1.0 spec release are; Confirm, explore and document the weaknesses in VulnXML Convert that existing work to Schema and use schema moving forward Develop test cases to explore weaknesses and make improvements to schema design until we are happy with WAS Test 1.0 Develop the Java and C# reference implementations Document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]