Seba, On Mon, Nov 17, 2008 at 12:03 PM, el draco <[EMAIL PROTECTED]> wrote: > hi folks, > > What about to make w3af a little bit more stable?, i know a lot of > people who get disappointed when w3af crashes or hang up. It even > makes me pray when i use it!
Are you using the latest version? In the latest version I haven't found a crash in some time. I totally accept that 3 months ago w3af was buggy and crashed a lot... but now it's much better =) Maybe w3af still consumes a lot of memory, which I'm going to fix in a near future, but crashes shouldn't be a problem (outside the already reported ones in the bug tracker) > wish list: > - that w3af finish every scan without crashing, with a reasonable (not > all of them) amount of vulns i already know are there, and without a > great amount (not zero) of false positives. > > This is a good goal to me. > > And yes, i think that a feature freeze is the solution to this problem. LOL, you and your feature freeze =) In the last months, there has been almost no new features added to the framework. What we've been trying to do is to make w3af more stable. If you check all my commit messages for the last months, you are going to see a lot of "removed false positive", "increased performance", "fixed bug" ; and almost none with "New way of detecting sql injection". Cheers, > cheers > > eldraco > > On Mon, Nov 10, 2008 at 2:03 PM, Andres Riancho > <[EMAIL PROTECTED]> wrote: >> List, >> >> This is a simple email that aims to set some objectives for the >> project near future, it's not definitive, you can contribute by adding >> or removing items (you are supposed to contribute!): >> >> What's being done right now: >> 1- I'm fixing some performance bugs, adding new simple features, >> and modifying the way the grep plugins work. This task is 95% done. >> 2- I'm adding new signatures and simple things to the audit plugins. >> 3- I've fixed a simple performance problem that allows the w3af >> xUrllib to perform 400 requests per second (250 req/sec before), and >> I'm going to continue with the performance enhancements until I get to >> a good limit (800 request per second for one single thread) >> >> What's next: >> 1- Fixing the proxy >> 2- Fixing general bugs >> 3- Testing w3af with sitegenerator >> 4- Keep working with w3af scripts until all plugins have a script >> with assert statements, which can be executed from "./w3af -t". This >> is like unittest for w3af. >> 5- Get more ideas from the list (this email!) >> 6- Releasing RC1 >> 7- Writing an article for securityfocus >> >> What do you guys think? >> >> Cheers, >> -- >> Andres Riancho >> http://w3af.sourceforge.net/ >> Web Application Attack and Audit Framework >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
