[OWASP-stinger] StingerLearnFilter

Roman F. ref66 at yahoo.com
Mon Nov 22 13:08:46 EST 2004


Jeff - 

Life has settled down finally and I am going to devote some time to
Stinger this weekend.  Currently I plan to address the items in
StingerLearnFilter that are mentioned in the email below.  Do you have
anything else you would like to throw in?

Roman

--- "Roman F." <ref66 at yahoo.com> wrote:
> Date: Thu, 30 Sep 2004 21:51:16 -0700 (PDT)
> From: "Roman F." <ref66 at yahoo.com>
> Subject: [OWASP-stinger] StingerLearnFilter
> 
> I fired up the StingerLearnFilter on my dev box today and it works
> great. 
> Almost too great, as it creates an awful lot of SVDL files in no time. 
> Even the .js and .css files get SVDL.  
> 
> There were a couple small bugs in the source but I fixed them and
> committed  to CVS.  
> 
> With a pretty good sized app it created a lot of SVDL files.  For it to
> be
> useful I'm going to figure out a way to configure some default messages
> for most parameters, editing all the SVDL by hand would be incredibly
> time
> consuming.  Hardcoding them isn't really an option because I think I've
> unearthed a real usability problem.  
> 
> I'm thinking it would be nice to initialize it with a default SVDL file
> that applies to /*, and the created SVDL would only contain Rules for
> request parts that are not listed in the default file.  This would cut
> down on the hand-editing considerably.  
> 
> I would also like to implement some of the FIXME ideas in the comments,
> such as checking for SVDL that has already been created for a URL and
> enhancing it if there are new parts found.
> 
> In the next few weeks I will try to deploy Stinger and the
> StingerLearnFilter in a production environment and see how it goes. 
> I'll
> keep you informed!
> 
> Roman



		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 
 





More information about the Owasp-stinger mailing list