Holm Security is sponsoring w3af!

Prepare yourself for great news: Holm Security, an information security solutions provider based in Sweden, is sponsoring the w3af project!

Holm Security is a company focused on automated and continuous vulnerability assessments for network, web and fraud prevention. Their platform is called Holm Security VMP where VMP stands for Vulnerability Management Platform.

w3af is one of the key components in their web scanning ...

Not a web designer

Today I spent the evening improving the `html_file` plugin, which is used to generate HTML reports based on w3af’s findings. The old version had many issues, the main one being that it used hard-coded HTML string concatenation to create the report (uff!), plus an encoding bug which was stopping users from generating reports in some edge cases. Since fixing the hard-coded HTML issue also fixed the encoding bug, I decided to go ahead and ...

Join our mentorship program

Interested in learning more about web application security and Python? Join our mentorship program! I’m offering to guide three students in a 1 month learning process where they’ll learn by doing.

This is the first of hopefully many of these mentorship programs, the basics are:

  • We communicate over IRC
  • You work with the other students in a task
  • 60 minutes a day is the max amount of time I can spend on guiding students, so part of the challenge is ...

Don’t write your own web application security scanner

tl;dr Don’t write your own web application security scanner, it is too hard. Contribute to an existing project instead.

Every now and then I receive an email with this format: “I’ve used web scanning tool X for a while and it doesn’t work the way I want. I’m writing my own tool and would like you to help me with some ideas/pointers”. Usually I answer privately, but that doesn’t seem to be scaling, so here’s my public response to all of you.

Writing and ...

The 1.6 release

After all the wait, expectations, and hard work I present you the 1.6 release:

  • Improved performance: your scans will run faster
  • Improved quality: 1300+ unittests are run after each change to make sure we don’t add any regressions
  • Now you’ll be able to easily integrate w3af into other projects with a simple `import w3af`
  • Better documentation

New users should follow the usual installation procedure:

If you already have a w3af installation the migration should be fairly easy, just:

The requirements for the latest version have changed, ...

Testing before Monday’s release

Every now and then I ask for a favor, and… well… now I’m asking for one! The next release will be on Monday, and I need you to test w3af to make sure it doesn’t have any critical bugs before I merge develop into master.

I’ve been working hard on fixing a ton of bugs, improving performance, continuous integration and many other things.

All 1300+ unittests PASS in the continuous integration ...

w3af’s documentation now at readthedocs.org

Last week a pull request to update the French translation of our user’s guide made me focus my attention on our documentation. I started to think about the requirements for great w3af documentation: feature complete, easy to write, easy for users to contribute to, up to date, searchable and easy to find. Our documentation met almost none of them: the last update was almost a year ago, it was written in ODT and manually exported to HTML and PDF, and it wasn’t indexed by any ...

How w3af uses Continuous Integration

If you’ve talked with me during the last year, you noticed how in love I am with continuous integration, test driven development and everything related to increasing the development speed of a team without compromising quality.

Ten months ago I decided it was time to run w3af’s unit-test suite in a CI system, but due to other more important projects the task was delayed. Finally a couple of weeks ago I ...

DOM XSS in w3af.org: Fixed!

A couple of days ago I was contacted by Christy Philip Mathew with a short and interesting email:

I was visiting your website and found an XSS Vulnerability. Please find the URL below. Thanks

http://w3af.org/#!prettyPhoto/2,%3Ca%20onclick=%22alert%28/XSS Vulnerability/%29;%22%3E/

My first thought was: “Well, this happens to everyone, let’s fix it quickly”. After some minor analysis of the URL (before clicking it, I wasn’t going to click without reading!) I realized that this was a DOM XSS. ...
