Description: This is the video of the presentation titled "W3af - A Framework to own the web" given by Andrés Riancho at AppSec 2008.
Talk Description: Web application auditing and exploiting is an art, but even art needs the help of tools to make the process faster and more accurate. Right now open source tools like nikto, wapiti, pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Commercial tools have the features, at the expense of high product costs, and aren't as dynamic as open source projects.
w3af (Web Application Attack and Audit Framework) is an open source project that aims to automate the detection and exploitation of all web application vulnerabilities. The project objective is to become an open platform where anyone can contribute code and new techniques. w3af is extended using plugins that are fully written in Python; right now the project has more than 80 plugins and 30K lines of code!
The framework is divided into three phases: discovery, audit and attack. All plugins smoothly communicate with each other and work together to achieve the objective; w3af replaces standalone tools and makes web penetration testing as easy as possible; any weird characteristic can be added as a plugin and consume all the features of the framework.
w3af implements many exploit plugins and features to aid this process; no less important are the discovery and audit plugins that will find those vulnerabilities for you to exploit! w3af: one tool to rule them all.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.