[Owasp-leaders] Pentesting: Is there a collection of REs for HTTP response analysis?
petand at lvk.cs.msu.su
Fri Nov 20 11:15:09 EST 2009
Does anyone know if there is a database of regular expressions for
testing HTTP responses while doing a pentest?
Let me outline the problem (in a simplistic way):
- a black-box scanner can detect successful XSS by noticing the code it
had injected in subsequent pages;
- a black-box scanner can detect SQLI blindly;
- other possible manifestations of an exploited vulnerability are 5xx
codes and error messages.
I know only about ModSecurity Core Rule Set. It can be used to detect
Does anyone know other sources?
Thanks in advance!
Moscow State University
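
An added illustration, not part of the original post and not drawn from the ModSecurity Core Rule Set, of the response checks the message outlines: a 5xx status, database or runtime error text in the body, and a probe string coming back unencoded. The signature list, the name `analyze_response` and the probe `<zz9probe>` are constructed for this example; a real rule set needs far more patterns and tuning against false positives.

```python
import re
from dataclasses import dataclass

# Constructed, illustrative signatures for well-known error texts.
# They are NOT copied from the ModSecurity Core Rule Set.
SIGNATURES = {
    "mysql_error": re.compile(r"You have an error in your SQL syntax", re.I),
    "oracle_error": re.compile(r"\bORA-\d{5}\b"),
    "mssql_error": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "postgres_error": re.compile(r"ERROR:\s+syntax error at or near", re.I),
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "java_stack_trace": re.compile(r"^\s+at [\w.$]+\([\w.]+:\d+\)", re.M),
}

@dataclass
class Finding:
    kind: str       # which check fired
    evidence: str   # the text or status that triggered it

def analyze_response(status, body, marker=None):
    """Return findings for one HTTP response (status code and decoded body)."""
    findings = []
    if 500 <= status <= 599:
        findings.append(Finding("server_error", f"HTTP {status}"))
    for name, rx in SIGNATURES.items():
        m = rx.search(body)
        if m:
            findings.append(Finding(name, m.group(0).strip()))
    # A harmless probe that comes back byte-for-byte was not output-encoded.
    # The HTML-encoded form (&lt;...&gt;) does not match and is not flagged.
    if marker and marker in body:
        findings.append(Finding("unencoded_reflection", marker))
    return findings

if __name__ == "__main__":
    probe = "<zz9probe>"  # constructed probe string
    samples = [           # constructed sample responses
        (500, "<h1>Internal Server Error</h1>"),
        (200, "Warning: You have an error in your SQL syntax; check the manual"),
        (200, "<p>Results for &lt;zz9probe&gt;</p>"),
        (200, "<p>Results for <zz9probe></p>"),
        (500, "java.lang.NullPointerException\n\tat com.example.Foo.bar(Foo.java:42)\n"),
    ]
    for status, body in samples:
        hits = analyze_response(status, body, marker=probe)
        print(status, [(f.kind, f.evidence) for f in hits])
```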