border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Monday, June 6, 2011

w3af 1.0 stable released (PHP Code Analyzer Added)


w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much.

NEW FEATURES
  • Auto-Update, which will allow you to keep your w3af installation updated without any effort. Always get the latest and greatest from our contributors!
  • Web Application Payloads, for people that enjoy exploitation techniques, this is one of the most interesting things you’ll see in web application security! We created various layers of abstraction around an exploited vulnerability in order to be able to write payloads that use emulated syscalls to read, write and execute files on the compromised web server. Keep an eye on this blog for an entry completely dedicated to this subject!
  • PHP static code analyzer, as part of a couple of experiments and research projects, Javier Andalia created a PHP static code analyzer that performs tainted mode analysis of PHP code in order to identify SQL injections, OS Commanding and Remote File Includes. At this time you can use this very interesting feature as a web application payload. After exploiting a vulnerability try: “payload php_sca”, that will download the remote PHP code to your box and analyze it to find more vulnerabilities!
IMPROVEMENTS

  • Refactoring of HTTP cache and GTK user interface code to store HTTP requests only once on disk (5% performance improvement)
  • Performance improvement in sqlite database by using indexes (1% performance improvement)
  • Huge w3af code-base refactoring on how URLs are handled. Moved away from handling URLs as strings into a url_object model. This reduces the number of times a URL is parsed into its component pieces (protocol, domain, path, query string, etc.) and put back together into a string, which clarifies the code and makes it run faster.

No comments:

Post a Comment

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More