On Sun, Sep 27, 2009 at 11:07 AM, Andres Riancho <[email protected]> wrote:
> Steve,
>
> On Sun, Sep 27, 2009 at 7:39 AM, steve jacobs <[email protected]> wrote:
>> Thanks for the reply. For a beginner who doesn't want to bring down our site,
>> corrupt the DB etc., which plugins should we steer clear of just to get a
>> feel for w3af? Namely, which w3af plugins can do significant damage?
>
> If you keep away from the attack plugins, you'll be ok. Start out with
> a simple discovery.webSpider + audit.sqli + audit.xss and you'll get
> an idea of the framework.

I just want to add something here: if your web application has a form which allows input without authentication, for example an anonymous comment box, the audit plugins will most likely add a lot of junk to your website. The best thing would be to run w3af (or any similar tool) against a test server instead of the production one.

>> Also for the scans, do you run it per application, or page by page in the
>> application?
>
> Per application.
>
>> Could I just run it against www.myapp.com
>>
>> Or would it need to be run against
>> www.myapp.com/search/ www.myapp.com/adminconsole/ etc.?
>
> Point it to www.myapp.com, and enable the webSpider plugin; that
> plugin should find all the links.
>
> Cheers,
>
>> Regards,
>>
>>> From: [email protected]
>>> Date: Fri, 25 Sep 2009 13:42:38 -0300
>>> Subject: Re: [W3af-users] Plugins
>>> To: [email protected]
>>> CC: [email protected]
>>>
>>> Steve,
>>>
>>> On Fri, Sep 25, 2009 at 1:27 PM, steve jacobs <[email protected]> wrote:
>>> > Does anyone have a document that lists and describes all the w3af
>>> > plugins, what they do, and what the potential risk impact is by running them?
>>>
>>> Please read this [0] link, there you'll find the description for each
>>> plugin. Regarding the impact of running each plugin... no... there is
>>> nothing about that.
>>>
>>> [0] http://w3af.sourceforge.net/plugin-descriptions.php
>>>
>>> > By installing w3af have I got all the plugins, or can you download
>>> > individual ones?
>>>
>>> By installing w3af, you get all the plugins.
>>>
>>> > Regards.
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
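As an added example that is not part of the thread, the following w3af console script puts the advice above into a reusable form: only the three non-attack plugins Andres names (discovery.webSpider, audit.sqli, audit.xss), results written to a file, and the target set to a test copy of the site rather than production. It assumes the 2009-era w3af console script syntax (plugins / discovery / audit / output / back / target / set target / start, fed to w3af_console with -s); the hostname and output file name are placeholders.

```text
# Added example, not from the mailing-list thread or the w3af project.
# Run as: ./w3af_console -s safe-scan.w3af   (syntax assumed for w3af of 2009)
# Target is a placeholder for a TEST copy of the site; the audit plugins still
# submit test payloads to every form they find, which is why production is a
# bad place to point this.
plugins
# the three plugins suggested above; nothing from the attack or bruteforce groups
discovery webSpider
audit sqli,xss
# keep a record of the run on disk as well as on the console
output console,textFile
output config textFile
set fileName w3af-safe-scan.txt
back
back
target
set target http://test.myapp.example/
back
start
exit
```

Because webSpider is enabled, pointing the script at the site root is enough for it to reach /search/, /adminconsole/ and the other paths; if a test server is not available, at least exclude any unauthenticated comment or contact forms from the scan so the audit plugins do not leave junk behind.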
