Re: [sqlmap-users] w3af REST API recommendations

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Great reply :)

Bye
On Mar 20, 2014 4:13 PM, "Brandon Perry" <bpe...@gm...> wrote:

> I can't comment on building the API, but I maintain C# bindings to the
> sqlmap REST API and, programmatically, it works really well.
>
> There is no authentication, but I only ever run it on localhost anyway so
> this isn't a big deal to me.
>
> I have tested it under relatively heavy load (one API instance testing
> multiple applications) and it has been performant. I don't recall ever
> saying "Man, I wish this were faster".
>
> JSON is totally the way to go for data requests/responses.
>
> One recommendation I have since I deal with many APIs on a daily basis is
> please don't assume the programmers will be interacting with your API with
> language X. The Metasploit MSGPACK API is a good example of this and is
> very cumbersome to use from a strongly typed language. Arachni falls into a
> similar field relying on Ruby-style marshalling or YAML which I simply
> can't do from, say, C#.
>
> Aside from sqlmap, I also really like the cuckoo-sandbox API.
>
>
>
> On Thu, Mar 20, 2014 at 10:00 AM, Andres Riancho <and...@gm...
> > wrote:
>
>> List,
>>
>>     I'm going to abuse the list a little bit, and poke your brains for
>> a while, so be prepared :)
>>
>>     The w3af project wants to implement its own REST API to expose the
>> w3afCore and KnowledgeBase objects. The core allows users to configure
>> the plugins and start the scan, and the knowledge base holds the
>> vulnerabilities.
>>
>>     You guys implemented a REST API for sqlmap, which has been up and
>> running for a while now.
>>
>>     What I wanted to know is:
>>         * What's the technology stack you guys used for creating the REST
>> API?
>>         * Were you happy with it? Would you use something different if
>> you had the chance?
>>         * Have you tested the API under heavy load?
>>         * Do you have the concept of sessions and users in the API? Why
>> not?
>>         * Any recommendations on API design? (paths, results, hrefs, etc.)
>>
>>     Thanks!
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/13534_NeoTech
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>