Great news!!!11 I've reposted it in my blog [0] =) [0] http://blog.oxdef.info/2011/05/w3af-10-stable-released.html
On Wed, 2011-05-25 at 10:46 -0300, Andres Riancho wrote: > List, > > Since our latest w3af release in mid January, and our new windows > installer release a couple of months ago, we've got lots of > encouraging words telling us we are going in the right direction. The > objective was near and we could almost taste it. Having a stable > code-base is no joke, it requires countless hours of writing > unit-tests, running w3af scripts and most importantly: fixing bugs. > Now, finally we're here! > > In this latest release, we bring you a couple of the most > important improvements of our framework: > > * Stable code base, an improvement that will reduce your w3af > crashes to a minimum. We've been working on fixing all of our > long-standing bugs, wrote thousands of lines of doctests and various > types of automation to make sure we can also keep improving without > breaking other sections of the code. > > * Auto-Update, which will allow you to keep your w3af > installation updated without any effort. Always get the latest and > greatest from our contributors! > > * Web Application Payloads, for people that enjoy exploitation > techniques, this is one of the most interesting things you'll see in > web application security! We created various layers of abstraction > around an exploited vulnerability in order to be able to write > payloads that use emulated syscalls to read, write and execute files > on the compromised web server. Keep an eye on the rapid7 community > blog an entry completely dedicated to this subject! > > * PHP static code analyzer, as part of a couple of experiments > and research projects, Javier Andalia created a PHP static code > analyzer that performs tainted mode analysis of PHP code in order to > identify SQL injections, OS Commanding and Remote File Includes. At > this time you can use this very interesting feature as a web > application payload. After exploiting a vulnerability try: "payload > php_sca", that will download the remote PHP code to your box and > analyze it to find more vulnerabilities! > > And many others, such as: > > * Refactoring of HTTP cache and GTK user interface code to > store HTTP requests only once on disk (5% performance improvement) > * Performance improvement in sqlite database by using indexes > (1% performance improvement) > * Huge w3af code-base refactoring on how URLs are handled. > Moved away from handling URLs as strings into a url_object model. This > reduces the number of times a URL is parsed into its component pieces > (protocol, domain, path, query string, etc.) and put back together > into a string, which clarifies the code and makes it run faster. > > We have a stable release, w0000t! Hmmmm.... have we finished? Should > we go home? No! We still have work to do; there are still features and > capabilities we'd like to add. For example,as you read this, we're > working on integrating the multiprocessing module into w3af's code, > with the objective of using more than one CPU core at the same time > and substantially improve our scanning speed. We're also working on > handling of encodings by the use of unicode strings across the whole > framework, and making the user experience more intuitive in the UI. > > As usual, you can get our latest installable packages from the > w3af.com [0] website! Just download and enjoy our latest improvements! > > [0] http://w3af.sourceforge.net/#download > > Regards, -- Taras http://oxdef.info ---- "Software is like sex: it's better when it's free." - Linus Torvalds ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
