OASIS Mailing List Archives

was message



Subject: [was] applicability?


I sent this message a few days ago, but got no response.

Hi folks,

I just wanted to check if there was any thought to "applicability"
markers in the current core schema? I don't see anything of the sort in
the current schema checked into the OWASP WAS repository.

By applicability I mean, this test should be executed when we see a new
server (or new server:port pair), that test should be executed when we
see a new directory entry, the other test should be executed when we see
a new file entry.

This is useful as an initial filter for tests that should be executed,
and also allows us to know which URL components to expect to be valid
when we try to execute the test itself. I think it is quite important to
provide this information to execution engines, so that they can optimise
their execution of the various tests.

For example, you can always expect meaningful "${host}" and "${port}"
values, but "${path}", "${file}" and "${extension}" may be non-existent
at times.

Some examples of tests that would be executed at each level:

server:port -> existence of well-known CGIs, a la Nikto/whisker
path -> existence of accessible .htaccess files in that dir
file -> existence of ${file}.bak or ${file}.old, etc

Please consider including such a tag/description in the test meta data. 
Alternatively, do you think that this information should actually be 
part of the Test data, and has no place in the Meta-data as such?

Thanks

Rogan
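
The applicability filter described in the message above, as an added example that is not part of the original post or of the WAS schema: an execution engine schedules each test once per newly seen server:port, directory or file, and only when the URL components that level needs are present. The `applicability` field name, the test ids and the crawl URLs are hypothetical and constructed for illustration; no requests are sent.

```python
import posixpath
from urllib.parse import urlsplit

# Hypothetical test metadata carrying the proposed applicability marker.
TESTS = [
    {"id": "well-known-cgi", "applicability": "server"},
    {"id": "htaccess-readable", "applicability": "path"},
    {"id": "backup-copy", "applicability": "file"},
]

# Level -> URL variables that must be present for tests at that level.
LEVELS = {
    "server": ("host", "port"),
    "path": ("host", "port", "path"),
    "file": ("host", "port", "path", "file"),
}

def components(url):
    """Split a URL into the variables named in the message; absent ones are None.
    Assumption: ${file} is the whole last path segment, extension included."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    directory, _, name = u.path.rpartition("/")
    ext = posixpath.splitext(name)[1].lstrip(".") or None
    path = directory + "/" if u.path else None
    return {"host": u.hostname, "port": port, "path": path,
            "file": name or None, "extension": ext}

def plan(urls, tests=TESTS):
    """Return (test id, scope key) pairs; a scope is scheduled when first seen."""
    seen, out = set(), []
    for url in urls:
        c = components(url)
        for level, needed in LEVELS.items():
            if any(c[v] is None for v in needed):
                continue  # e.g. no ${file}: file-level tests do not apply
            key = (level,) + tuple(c[v] for v in needed)
            if key not in seen:
                seen.add(key)
                out += [(t["id"], key) for t in tests
                        if t["applicability"] == level]
    return out

# Constructed crawl results.
CRAWL = [
    "http://app.example.test/",
    "http://app.example.test/admin/login.php",
    "http://app.example.test/admin/users.php",
    "http://app.example.test:8080/",
]
```
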

