[Owasp-antisamy] testing question

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Thu Jun 12 15:27:12 EDT 2008

We have not done any fuzzing. If you have a smart fuzzer and want to throw it at AntiSamy, that'd be really great. No one I know of has done anything similar.


From: owasp-antisamy-bounces at lists.owasp.org on behalf of J Irving
Sent: Thu 6/12/2008 3:23 PM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] testing question


I've been poking around the code, and I see there's a set of unit
tests which runs several known to be bad strings through AntiSamy.
Have you guys done any fuzzing?

The reason I mention this is that I spotted issue 12 in your tracker,
and it occurred to me that it would be interesting to find any other
similar errors or unexpected responses. It seems that the easiest way
to do this would be to throw lots of random text at it. If someone has
already done this work (or something similar) please respond.


   cheers, J
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080612/bd9cf295/attachment.html 

More information about the Owasp-antisamy mailing list