Feature request: Multi-DBMS application

sectooladdict / wavsep

The Web Application Vulnerability Scanner Evaluation Project

Other

226 stars 68 forks source link

Feature request: Multi-DBMS application #3

Open andresriancho opened 9 years ago

andresriancho commented 9 years ago

At the moment wavsep is mysql-only, as a web application scanner I would like to see it evolve to a multi-DB application so that I can test (blind) SQL injection detection capabilities for SQL Server, Oracle, pgsql, etc.

sectooladdict commented 9 years ago

Might be a good idea to branch it.

I actually wrote a version for MSSQL, which I eventually never released...

Maybe I'll be able to find it and release it in the current batch.

On Mon, Aug 31, 2015 at 2:42 PM, Andres Riancho notifications@github.com wrote:

At the moment wavsep is mysql-only, as a web application scanner I would like to see it evolve to a multi-DB application so that I can test (blind) SQL injection detection capabilities for SQL Server, Oracle, pgsql, etc.

— Reply to this email directly or view it on GitHub https://github.com/sectooladdict/wavsep/issues/3.

andresriancho commented 9 years ago

Not sure if the best for all would be to have a wavsep-mysql , wavsep-pgsql, etc. (in different branches). Maybe the best is to:

Have a /sql/mysql/ directory containing all the tests for mysql, /sql/pgsql/ for pgsql, etc. or,
Have a /sql/ directory with all the SQL stuff and have a /sql/switch.jsp script that will change the DBMS used by all the scripts in /sql/

But other users might disagree

sectooladdict commented 9 years ago

Doing it otherwise will require some core changes (class replication / etc), doable, but much more changes.

The switch option however - sounds MUCH better. noted.

On Mon, Aug 31, 2015 at 3:40 PM, Andres Riancho notifications@github.com wrote:

Not sure if the best for all would be to have a wavsep-mysql , wavsep-pgsql, etc. (in different branches). Maybe the best is to:

Have a /sql/mysql/ directory containing all the tests for mysql, /sql/pgsql/ for pgsql, etc. or,

Have a /sql/ directory with all the SQL stuff and have a /sql/switch.jsp script that will change the DBMS used by all the scripts in /sql/

But other users might disagree

— Reply to this email directly or view it on GitHub https://github.com/sectooladdict/wavsep/issues/3#issuecomment-136360728.