[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [was] Meeting Minutes
Hi folks, The WAS engine is checked into the CVS for WebScarab at SourceForge, or you can get an interim release from my personal web page at http://home.intekom.co.za/rdawes/WebScarab.jar The WAS engine is not accessible through the GUI. You will need to call it in the following way: java -cp webscarab.jar org.owasp.webscarab.plugin.was.WASExecutor url testfile You may also need to get the jakarta commons libs, if it complains about missing class files. Currently, it does nothing with the test description. In particular, it does not check to see whether it applies to a particular URL. That will probably be done this week some time. Also, it does not implement Request Body functionality, so you cannot do POST. I have also not yet implemented building a request query from individual parameter elements. If you want an URL with parameters, build it in the <URL> block using ${variable} if necessary. Currently, I think it should be sufficient to implement most of the Whisker and Nikto tests, given the restrictions above. I hope to have time to work on it this week. Rogan -----Original Message----- From: Mark Curphey To: was@lists.oasis-open.org Sent: 10/22/03 9:42 PM Subject: [was] Meeting Minutes Meeting minutes from last weeks meeting are now posted on the OASIS site. In short Rogan Dawes has created a basic WAS execution engine in order for the TC members to explore the limitations of the existing VulnXML format and design WAS accordingly. So at this point we need people to start creating test cases, recording real limitations and designing WAS 1.0 accordingly. Please take time to download the current engine, build test cases and share your experience. Rogan, can you update everyone with the limitations of the current engine build so we don't build test cases that are currently not implemented in the reference engine, and point everyone to the latest build ? Thanks To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/was/members/leave_workgroup .php. Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]