[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: applicability?
Hi folks, I just wanted to check if there was any thought to "applicability" markers in the current core schema? I don't see anything of the sort in the current schema checked into the OWASP WAS repository. By applicability I mean, this test should be executed when we see a new server (or new server:port pair), that test should be executed when we see a new directory entry, the other test should be executed when we see a new file entry. This is useful as an initial filter for tests that should be executed, and also allow us to know which URL components to expect to be valid when we try to execute the test itself. I think it is quite important to provide this information to execution engines, so that they can optimise their execution of the various tests. for example, you can always expect meaningful "${host}" and "${port}" values, but "${path}", "${file}" and "${extension}" may be non-existent at times. Some examples of tests that would be executed at each level: server:port -> existence of well-known cgi's, a la Nikto/whisker path -> existence of accessible .htaccess files in that dir file -> existence of ${file}.bak or ${file}.old, etc Please consider including such a tag/description in the test meta data. Thanks Rogan
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]