List,
This is one of those great moments in the life of a project, a
moment that I've been dreaming about for a couple of years. We're
releasing a new version of w3af, but that's not important. The major
achievement is the story behind the release, the effort put in this
release by all the contributors, Javier Andalia (our core developer)
and Rapid7 (the company that allows all this to happen).
For the first time in the project's life, we have a roadmap [0], a
prioritized backlog [1] and a structured development process we follow
to deliver new features and fix bugs.
The efforts for this release have been major, some of them have been
really organized, like our sprints that started one month ago [2][3]
and some others can be tracked through the SVN logs, like Taras' great
improvements of the GUI.
Just to name a few things we've done for this release:
* We've written new HOWTO documents for our users
* Considerably improved the speed of all grep plugins
* Replaced Beautiful Soup by the faster libxml2 library
* Introduced the usage of XPATH queries that will allow us to
improve performance and reduce false positives
* Fixed hundreds of bugs
On this release you'll also find that after exploiting a vulnerability
you can leverage that access using our Web Application Payloads, a
feature that we developed together with Lucas Apa from Bonsai
Information Security. These payloads allow you to escalate privileges
and will help you get from a low privileged vulnerability (e.g. local
file read) to a remote code execution. In order to try them, exploit a
vulnerability, get any type of shell and then run any of the following
commands: help, lsp, payload tcp (the last one will show you the open
connections in the remote box).
We still have tons of things to do, but for the first time in the
project's life we have a defined process that will make us achieve our
objectives.
[0] https://sourceforge.net/apps/trac/w3af/roadmap
[1] https://sourceforge.net/apps/trac/w3af/report/1
[2] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-1
[3] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-2
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/