OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [was] Meeting Minutes

Hi folks,

The WAS engine is checked into the CVS for WebScarab at SourceForge, or you
can get an interim release from my personal web page at
http://home.intekom.co.za/rdawes/WebScarab.jar

The WAS engine is not accessible through the GUI. You will need to call it
in the following way:

java -cp webscarab.jar org.owasp.webscarab.plugin.was.WASExecutor url
testfile

You may also need to get the jakarta commons libs, if it complains about
missing class files.

Currently, it does nothing with the test description. In particular, it does
not check to see whether it applies to a particular URL. That will probably
be done this week some time.

Also, it does not implement Request Body functionality, so you cannot do
POST. I have also not yet implemented building a request query from
individual parameter elements. If you want an URL with parameters, build it
in the <URL> block using ${variable} if necessary.

Currently, I think it should be sufficient to implement most of the Whisker
and Nikto tests, given the restrictions above.

I hope to have time to work on it this week.

Rogan

-----Original Message-----
From: Mark Curphey
To: was@lists.oasis-open.org
Sent: 10/22/03 9:42 PM
Subject: [was] Meeting Minutes

Meeting minutes from last weeks meeting are now posted on the OASIS
site.

In short Rogan Dawes has created a basic WAS execution engine in order
for
the TC members to explore the limitations of the existing VulnXML format
and
design WAS accordingly.

So at this point we need people to start creating test cases, recording
real
limitations and designing WAS 1.0 accordingly. 

Please take time to download the current engine, build test cases and
share
your experience. 

Rogan, can you update everyone with the limitations of the current
engine
build so we don't build test cases that are currently not implemented in
the
reference engine, and point everyone to the latest build ?

Thanks


To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/was/members/leave_workgroup
.php.

Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]