Taras,

On Thu, Aug 19, 2010 at 7:48 AM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> I have some ideas about things W3AF needs to become an enterprise solution:

    And who wants w3af as an enterprise solution? :) Please don't
mistake Rapid7's sponsorship for a move to have an enterprise
solution. At least for now, this is not our objective. I'll answer the
rest of the email, but just thinking about how to enhance/improve
w3af.

> 1. Usable login area scan capabilities. We can make something like in
> Acunetix (how it's made in other scanners).
> e.g. special (plain text) files with auth information:
>  - login request
>  - logout request
>  - check session request
>  We can record it with our proxy tool

    I think this is one must-have feature, but right now I think we
need to fix the existing bugs and enhance the framework's performance.
Once we have that, it will be much easier to build on top of it.

> 2. URL rewrite support (Apache, Lighttpd) - it doesn't look very hard to
> implement

    This would be a nice feature, too, and as you say it wouldn't be
hard to implement.

> 3. Web interface - Django or webpy?

    That's a big decision to make, basically, if we have a webUI we
would be able to provide some kind of w3af SaaS... but for now the
console and the GUI are more than enough.

> 4. At least of course "enterprise level" reporting - PDF with nice pictures :)

    hehe, yes... current reporting features suck :P

> For the future - we really need more powerful AJAX support:
>  - FF plugin
>  - own parsing engine (webkit+v8)?
>  - selenium

    I think that this is another feature that needs to be added. I've
been working on supporting client side technologies in the past, and
it's not easy at all. The good news is that a full time employee is
joining the w3af team as of Sep 6! After this, everything will be
*much* easier!

> What do you guys think about these things?
>
> --
> Taras
> http://oxdef.info
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
>
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
