Lists,
Just wanted to send you an update of what I'm doing these days
with w3af. The most basic answer would be: "Writing lots of unittests
while rewriting MANY parts of the framework".
After starting to spend more time on it , I realized that the
framework had lots of very old pieces of code in it, code snippets
that were written by me >5years ago and were awful [0]; so I started
to rewrite most of them and found myself refactoring the whole core in
order to use a producer/consumer design pattern with threads [1][2].
In this process I've decided to write a unittest for every file I
change (if it didn't had one already) which is going to allow me to be
99% sure that things work as expected.
These changes will allow more than one plugin to run at the same
time, actually, this changes everything since w3af will be able to
crawl a site and as soon as one parameter is found the information
will be put in a Queue for audit plugins to analyze all at the same
time. Scan time will decrease drastically, I'll show stats when I'm
done.
My TODO list is here [3] in case you're wondering what's next on
my list :) Sadly, this is a very complex change that will modify too
many framework sections and requires lots of previous knowledge, so
you guys won't be able to help :(
[0] In all aspects: performance, readability, cosmetic, bugs, false
positives, etc.
[1] https://sourceforge.net/apps/trac/w3af/browser/branches/threading2
[2]
https://sourceforge.net/apps/trac/w3af/browser/branches/threading2/core/controllers/coreHelpers/consumers
[3] https://sourceforge.net/apps/trac/w3af/wiki/andres%27-TODO
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
