Identify and exploit a SQL injection

One of the most difficult parts of securing your application is identifying the vulnerable parameters and defining the real risk. This video shows how to easily identify and exploit SQL injection vulnerabilities. As a bonus, the video shows how to extract information using web application payloads.

Batteries included

Want to know more about the low-level features provided by our framework? Go through our features page in order to understand what’s under the hood.

Plugin architecture

Vulnerabilities are identified using plugins, which are short and sweet pieces of Python code that send specially crafted HTTP requests to forms and query string parameters to identify errors and misconfigurations.


Easy to use for novice users, fully customizable for hackers and developers. We’ve built it that way.

Expert tools

Besides the automated scanning features, w3af’s GUI provides expert tools that allow advanced users to manually craft and send custom HTTP requests, generate requests in an automated manner, cluster HTTP responses and more!


Hungry for more info? Let me recommend our FAQ, the framework's feature summary, the plugin list and our HOWTO documents.