Message-ID: <BANLkTimOeFXG5ZUJ6+3kk_tKXsmpGLFQ_A@mail.gmail.com>
Date: Thu, 26 May 2011 07:40:33 +0800
From: Christian Frichot <xntrik@...il.com>
To: Andres Riancho <andres.riancho@...il.com>
Cc: webappsec@...urityfocus.com, webappsec <websecurity@...appsec.org>,
full-disclosure <full-disclosure@...ts.grok.org.uk>,
owasp-argentina@...ts.owasp.org, "w3af-develop@...ts.sourceforge.net"
<W3af-develop@...ts.sourceforge.net>, w3af-users@...ts.sourceforge.net
Subject: Re: [W3af-develop] [TOOL] w3af 1.0-stable released!
Congrats Andres and team! You guys have worked really hard and it's
fantastic to see this come to fruition!
Cheers,
Christian Frichot
e: xntrik@...il.com
t: @xntrik
w: http://un-excogitate.org
On Wed, May 25, 2011 at 9:46 PM, Andres Riancho
<andres.riancho@...il.com> wrote:
> List,
>
> Since our latest w3af release in mid January, and our new windows
> installer release a couple of months ago, we've got lots of
> encouraging words telling us we are going in the right direction. The
> objective was near and we could almost taste it. Having a stable
> code-base is no joke, it requires countless hours of writing
> unit-tests, running w3af scripts and most importantly: fixing bugs.
> Now, finally we're here!
>
> In this latest release, we bring you a couple of the most
> important improvements of our framework:
>
> * Stable code base, an improvement that will reduce your w3af
> crashes to a minimum. We've been working on fixing all of our
> long-standing bugs, wrote thousands of lines of doctests and various
> types of automation to make sure we can also keep improving without
> breaking other sections of the code.
>
> * Auto-Update, which will allow you to keep your w3af
> installation updated without any effort. Always get the latest and
> greatest from our contributors!
>
> * Web Application Payloads, for people that enjoy exploitation
> techniques, this is one of the most interesting things you'll see in
> web application security! We created various layers of abstraction
> around an exploited vulnerability in order to be able to write
> payloads that use emulated syscalls to read, write and execute files
> on the compromised web server. Keep an eye on the rapid7 community
> blog for an entry completely dedicated to this subject!
>
> * PHP static code analyzer, as part of a couple of experiments
> and research projects, Javier Andalia created a PHP static code
> analyzer that performs tainted mode analysis of PHP code in order to
> identify SQL injections, OS Commanding and Remote File Includes. At
> this time you can use this very interesting feature as a web
> application payload. After exploiting a vulnerability try: "payload
> php_sca", that will download the remote PHP code to your box and
> analyze it to find more vulnerabilities!
>
> And many others, such as:
>
> * Refactoring of HTTP cache and GTK user interface code to
> store HTTP requests only once on disk (5% performance improvement)
> * Performance improvement in sqlite database by using indexes
> (1% performance improvement)
> * Huge w3af code-base refactoring on how URLs are handled.
> Moved away from handling URLs as strings into a url_object model. This
> reduces the number of times a URL is parsed into its component pieces
> (protocol, domain, path, query string, etc.) and put back together
> into a string, which clarifies the code and makes it run faster.
>
> We have a stable release, w0000t! Hmmmm.... have we finished? Should
> we go home? No! We still have work to do; there are still features and
> capabilities we'd like to add. For example, as you read this, we're
> working on integrating the multiprocessing module into w3af's code,
> with the objective of using more than one CPU core at the same time
> and substantially improve our scanning speed. We're also working on
> handling of encodings by the use of unicode strings across the whole
> framework, and making the user experience more intuitive in the UI.
>
> As usual, you can get our latest installable packages from the
> w3af.com [0] website! Just download and enjoy our latest improvements!
>
> [0] http://w3af.sourceforge.net/#download
>
> Regards,
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/