Downloaded for the purpose to test websecurify. It looks nice and instrumental in learning web application security.

I'm not sure if the XSS reflected section was or was not intentionally left out since I know you are still working on this version but just in case I wanted to let you know.

And another thing, I saw it some where on the web that you have tested websecurify and I wanted to know if you used it against dvwa. I tried it but it appears that this tool needs to authenticate to dvwa to fully test it. There's no way to add login information to websecurify unless its possible to add it to the URL. Any tips you can provide? Thanks.

Hey! thanks for your speedy response. I will download the official version and hopefully in the future websecurify will work against dvwa.

Keep up the good work. DVWA is a nice piece of work. Thanks again.

Ok, I tested DVWA 1.0.5 using WEBSECURIFY. You first have to click on the "login to the application first" link in websecurify then supply http://127.0.0.1 and it will scan it completely.

Now, websecurify only reported CSRF, Autocomplete enabled and banner disclosure. I know this tool is in beta stage and I'm looking forward to future improvements.

When WEBSECURIFY is scanning, it shows the directories that it is scanning so I assume its going through all of them. Also, I don't know if the built-in browser remembers the security settings when I set it to low.

Your right! 

I was pointing WEBSECURIFY to http://127.0.0.1/dvwa instead of http://127.0.0.1. Once I moved everyhting else off my webserver and pointed it to http://127.0.0.1 it scans eveything.

I'll do some further testing and see if I can get it to recognise the security level cookie.

Im still waiting on a reply from pdp (the author) about this. Will get back to you when he gets back to me.