search

mfazliazran / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

Scan stability on flaky targets #160

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
Skipfish has problems with flaky targets and produces inconsistent scan 
results. The scanner catches connection errors and misses potential pivots.

One solution could be a throttling of requests per second when a growing number 
of errors is encountered. Failed requests could be rescheduled to take care of 
potential missed pivots or vulnerabilities.

Original issue reported on code.google.com by s.rosc...@gmail.com on 26 Aug 2012 at 9:06

GoogleCodeExporter commented 8 years ago 
This is partially solved in 2.08b with better detection of failed connections.
However, what remains to be done, at minimum is, to reschedule a test set in 
case one of the requests/responses failed (currently we skip the test set).

Additional changes we can make:

1) Better highlighting of connection/request failure so that it's clear that 
the scan needs to be re-run (this counts for the console and HTML report)
2) Throttling requests (although this might be hard to do right)

So leaving open ;-)

Original comment by niels.he...@gmail.com on 1 Sep 2012 at 7:05