When the API fuzzer or injector match an error string, store which string was matched

WithSecureOpenSource / mittn

Mittn: Security test tool runner for test automation in CI

Apache License 2.0

195 stars 35 forks source link

When the API fuzzer or injector match an error string, store which string was matched #12

Open anttivs opened 10 years ago

anttivs commented 10 years ago

When using httpfuzzer, currently the database only holds an indication whether one of the error strings in the feature file matched in the server response body. To make the false positive triage easier, the actual string that matched should be stored in the database as well.

anttivs commented 9 years ago

Database schema extensions and all the database plumbing has been implemented as a part of #11.