If you are responsible for the security of your web applications, you know that auditing them for vulnerabilities is a challenging task. You will want to get familiar with the W3AF Web application attack and auditing framework to test your web applications before an attacker with malicious intent does it for you.
W3AF is designed for automated penetration testing of web applications. It comes with built-in utilities that help you automate the process of vulnerability discovery and exploitation. If you are familiar with Metasploit, the popular penetration testing framework, you should find W3AF easy to use.
The system is written in Python, and you get a console-based workbench and a selection of discovery techniques and exploitation methods. Just like Metasploit, the whole framework is pluggable, so third parties can define their own discovery and exploitation methods.
Does it really work? Based on our tests, we can say, yes. Do the install, read the documentation, type a few commands and you can discover vulnerabilities in your web application. Download W3AF here.
