Eliminate from the evolutionary algorithm those directives that do not change the ZAP score

JJ / 2020-WCCI-variable-attack-surface

Paper on optimal nginx configuration for generating variable attack surfaces

GNU General Public License v3.0

3 stars 1 forks source link

Eliminate from the evolutionary algorithm those directives that do not change the ZAP score #21

Open JJ opened 4 years ago

JJ commented 4 years ago

For instance, "server" and "X-Powered-By" will not change the value of the ZAP score, as far as I understand it. A default value can be used, and then these can be generated randomly.

erseco commented 4 years ago

This value is for changing the values to act as different servers to have more diverse configurations. As we are focused on security optimization we can dismiss it.