Going to be at BlackHat this year? I’ll be there too! Come visit our booth at the BlackHat Arsenal on Thursday 7 August: Breakers JK – Station 2 12:45 – 14:45.
I’ll be showing the new framework features with demos and source code.
After all the wait, expectations, and hard work I present you the 1.6 release:
New users should follow the usual installation procedure:
If you already have a w3af installation the migration should be fairly easy, just:
The requirements for the latest version have changed, ...
Every now and then I ask for a favor, and… well… now I’m asking for one! The next release will be on Monday, and I need you to test w3af to make sure it doesn’t have any critical bugs before I merge develop into master.
I’ve been working hard on fixing a ton of bugs, improving performance, continuous integration and many other things.
All 1300+ unittests PASS in the continuous integration ...
Last week a pull request to update the French translation of our user’s guide made me focus my attention on our documentation. I started to think about the requirements for a great w3af documentation: feature complete, easy to write, easy for users to contribute, updated, searchable and easy to find. Our documentation met almost none: the last update was almost a year ago, was written in ODT and manually exported to HTML and PDF and wasn’t indexed by any ...
If you’ve talked with me during the last year, you noticed how in love I am with continuous integration, test-driven development and everything related to increasing the development speed of a team without compromising quality.
Ten months ago I decided it was time to run w3af’s unit-test suite in a CI system, but due to other more important projects the task was delayed. Finally a couple of weeks ago I ...
A couple of days ago I was contacted by Christy Philip Mathew with a short and interesting email:
I was visiting your website and found an XSS Vulnerability. Please find the URL below. Thanks
My first thought was: “Well, this happens to everyone, let’s fix it quickly”. After some minor analysis of the URL (before clicking it, I wasn’t going to click without reading!) I realized that this was a DOM XSS. ...
During the past days I’ve been working on creating a Python “w3af” module. What’s that, many may ask! Well, the basic idea is that after the feature branch is done, users will be able to “import w3af” in their Python code and extend the framework more easily.
The ones who will benefit the most from this change are developers who extend w3af, want to include it in other Python tools, etc. It was very difficult to do that before, but it ...
A feature request appeared on our IRC, private conversations and mailing lists once every year or so: “I want to be able to detect if my site is spreading malware”. Last week it appeared again and this time it was implemented, so for your enjoyment I give you w3af – ClamAV integration.
The basic ...
Last year was great, I had time to read and understand something that was a complete mystery for me: HTML5.
After reading through the great documentation and examples at html5rocks, applying the knowledge while developing PoC applications and going through all the HTML5 security papers available it felt right to give a talk about it. This is my Prezi for “Understanding HTML5 Security”, enjoy!
Yesterday I delivered a two hour, free, w3af workshop at the ISSA Charlotte Summit. This was the first workshop of this type I’ve delivered and the experience was great. I’m sure many awesome things will come out of it! The workshop objectives are:
If you’re organizing a conference and would like to ...