W3AF v1.0-rc3 released

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much

The development team is proud to announce a new w3af release! Some
of the features of the 1.0-rc3 version are:

  • Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy
    Request Editor
  • Increased speed by rewriting parts of the thread management code
  • Fixed tons of bugs
  • Reduced memory usage
  • Many plugins were rewritten using different techniques that use less
    HTTP requests to identify the same vulnerabilities
  • Reduced false positives
PNG - 29 kb

Framework features

  • urllib2 wrapper
  • Output Management
  • Web Service support
  • HTTP headers fuzzing
  • IPC
  • Session saving
  • Fuzzer
  • HTML / WML parsing
  • Support of Plugins

Update submitted by Andres Riancho (the developer of w3af)

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Related Articles

Application Scanner
Vulnerability Scanner