Hi all, I'm evaluating w3af to help evaluate the (common) two concerns:
1) The vulnerability assessment of a web application.
2) Reporting of vulnerability assessment in a consistent fashion back to
consumers/decision makers.
Number 2 seems to be one of my biggest struggles. I saw the recent ASVS as a
level of vulnerability assessment, which I'm very happy to see (compared to
WASC, where I can't really find a 'level of assessment' type of measurement).
Also, the OWASP has regularly been one of the big 'hit list' items, but changes
periodically so I was wondering if the w3af OWASP profile will be adjusting to
have a profile on a per-period/year basis for consistency (i.e. 2009 OWASP TOP
10 profile, and a 2010 OWASP TOP 10 profile).
Let me know your thoughts, I do not claim to be an expert!
-D
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users