2016-01-17 at 3:13 PM UTC
Guilty as charged, Netsparker is officially the most ego-centric, shameless, self-promoting fuzzer out there, putting its name in a bunch of test payloads. The reason the payloads are 'members' is because the fundamental principle in web app security is that all user input should be untrusted. Sign up forms and login forms are a way for a user or a bot or a fuzzer to input malicious strings, commands, whatever. When Lanny decided to turn email confirmation off for user signups, Netsparker just entered the payload and forwarded the request to the database and such, then the database said, LOL ok, new user added, because actually the web app does a pretty good job of sanitizing user input, except for Lanny for some reason. Anyway, Netsparker kind of sucks, I switched to OWASP ZED. It's pretty much an intercepting proxy, spider and fuzzer rolled into one, combined with a script engine, plus it's easily extensible. I actually prefer it to BeEF framework as well tbh fam.