OWASP VFW Project/Roadmap


 * HTTP RFC ensuring/enforcement.
 * Generic/"WEB-1" threats:
    * Dir Traversal;
    * Internal file extensions (SO, Web, VCS, etc);
    * Unix/Windows commands;
    * Bad UA (scanners);
 * Load HTTP BODY (POST) - Proof of Concept;
 * Injection:
    * SQL Injection;
    * SSI Injection;
    * XSS;
 * Automated tests;
 * Simple Web Interface (Dashboard);
 * Module for handling HTTP BODY (POST) - VMOD;
 * HTTP BODY VMOD improvements:
    * Handle content-types (webservices);
    * XML;
    * JSON.