Menu
▾
▴
RE: [Owasp-input-api-developers] Testing tool/framework anddevelopment platform survey
|
From: Matt W. <wi...@ce...> - 2002-08-19 03:55:49
|
On Sun, 2002-08-18 at 22:14, Alex Russell wrote: [...] > Ick. I say let's do the testing framework in one language (Java's great > with me) and let's have it do file-based/stdin-based invocation of the > various interepreters and define some form of output that test programs > should feed back to the caller so that we can determine success or > failure. > > Extending this to parse HTTP server input shouldn't be much harder at > all (simply request with a socket, feed our malicous input, parse HTTP > reply in common format). Something like this might even be able to test > against various servers running different configs once we have it > working corretly. The first step though is to get it working at the > command line with a set of reasonable bad input against a reasonable set > of interpreters. > > Anyone think I'm smoking crack here? I just think that perl will be the quickest and best way to handle the tests. LWP::simple anyone? and parsing? You'd actually consider something else? ;p I see no need for an elaborate java program to do all of this. While tests are important, they shouldn't require a huge investment. Should they? -matt -- Matthew Wirges Developer, CERIAS Incident Response Database wi...@ce... Credo quia absurdum est. |
