OASIS Mailing List Archives

 



was message



Subject: WAS Test



Guys

Yuval Ben-Itzak (now an individual member) is going to help act as
custodian to get the Test element complete. I have sent him the last few
weeks' emails as I fear they may not have got to him. He has this
question that I thought I would forward.

<snip>
Is Rogan's Schema to describe a vulnerability still valid? Or do we use
another one?
As I did not see a definition for the ComplexType element "sqlInjection"
in the file you sent me, I thought it probably references Rogan's schema -
am I correct?
</snip>

This is where I think the Test element development is.

- Initial VulnXML DTD defined
- Some weaknesses identified and styles / approaches to moving forward
  (calling reusable functions etc)
- Initial Java execution engine built into WebScarab for POC
- Plans for a C# engine to show interoperability of signatures

Things that I know need to happen before WAS 1.0 spec release are:

- Confirm, explore and document the weaknesses in VulnXML
- Convert that existing work to Schema and use schema moving forward
- Develop test cases to explore weaknesses and make improvements to schema
  design until we are happy with WAS Test 1.0
- Develop the Java and C# reference implementations
- Document







