[WEB SECURITY] Artificial Intelligence vs. Human Intelligence on finite amounts of possible outcomes

Tasos Laskos tasos.laskos at gmail.com
Tue Feb 1 19:35:19 EST 2011


>> C'mon man don't keep to yourself share the examples.
> Well, they're pretty trivial, but for example, skipfish does a
> postprocessing round to eliminate duplicates and other loops; and
> generally looks at a variety of information collected in earlier
> checks to make decisions later on (e.g., the outcome of 404 probes,
> individual and cumulative - if there are too many 404 signatures,
> something has obviously gone wrong; etc). Nothing of this is special,
> and it does not prevent it from being extremely dumb at times, but
> it's probably unfair to say that absolutely no high-level
> meta-analysis is being done.
>
> /mz
>
Of course not, I didn't mean to say that all scanners just blindly spew 
out their findings,
but they seem to be sticking with the bare minimum, just enough for 
their results to make sence and reduce some noise.
(Myself included obviously.)

Like you said, there's much room for improvement and we need to start 
from somewhere.





More information about the websecurity mailing list