insanesecurity: security through a distorted eye (http://insanesecurity.info/blog)

Web application attack and audit framework
http://insanesecurity.info/blog/web-application-attack-and-audit-framework
Thu, 25 Feb 2010 22:31:12 +0000, by dblackshell

Recently Larry Suto published his second paper on web application security scanners (if you are wondering about his first one, you can find it here) and as expected it once again stirred up a couple of people.

And while he analyzed the most used web security scanners, I wonder if we could change our direction and focus on a not so well known, open source web application scanner.

You've probably figured out by now what I'm talking about: as written in the title, I'm talking about the "web application attack and audit framework", or w3af.

The authors describe it in short:

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

While this resembles the idea (and direction) by which the project started, for me it seems that w3af is as much of a framework as Joomla! is for web application development. I would rather call it a full-featured web application testing platform.

Even if I'm not that big a fan of automated vulnerability scanners, I have to admit that w3af has a nice series of discovery plugins, which are reason enough for me to give it a thumbs up.

That's all I wanted to share with you today. For more information about w3af I recommend their SourceForge page and Andrés Riancho's interview for the OWASP podcast (this dude is the core developer of w3af).
