.

w3af 1.0 Stable Version Released

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jun 24, 2011 2:46 am

w3af 1.0 Stable Version Released


w3af - And now, with a stable core - Wed, 25 May 2011 13:10:06 GMT

Since our latest w3af release in mid January, and our new windows installer release a couple of months ago, we've got lots of encouraging words telling us we are going in the right direction. The objective was near and we could almost taste it. Having a stable code-base is no joke, it requires countless hours of writing unit-tests, running w3af scripts and most importantly: fixing bugs. Now, finally we're here!

In this latest release, we bring you a couple of the most important improvements of our framework:
* Stable code base, an improvement that will reduce your w3af crashes to a minimum. We've been working on fixing all of our long-standing bugs, wrote thousands of lines of doctests and various types of automation to make sure we can also keep improving without breaking other sections of the code.

* Auto-Update, which will allow you to keep your w3af installation updated without any effort. Always get the latest and greatest from our contributors!

* Web Application Payloads, for people that enjoy exploitation techniques, this is one of the most interesting things you'll see in web application security! We created various layers of abstraction around an exploited vulnerability in order to be able to write payloads that use emulated syscalls to read, write and execute files on the compromised web server. Keep an eye on this blog for an entry completely dedicated to this subject!

* PHP static code analyzer, as part of a couple of experiments and research projects, Javier Andalia created a PHP static code analyzer that performs tainted mode analysis of PHP code in order to identify SQL injections, OS Commanding and Remote File Includes. At this time you can use this very interesting feature as a web application payload. After exploiting a vulnerability try: "payload php_sca", that will download the remote PHP code to your box and analyze it to find more vulnerabilities!



For full news release:
http://w3af.sourceforge.net/#news

Don
CISSP, MCSE, CSTA, Security+ SME
<<

dbest

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Jun 23, 2011 1:14 pm

Post Fri Jun 24, 2011 3:12 am

Re: w3af 1.0 Stable Version Released

Thanks for the info. Never tested it before, but kept hearing about it. Will have a go at the PHP static code analyzer against some of my code.
CISM, CEH, CISA, ISO 27001 LA

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software