Hi...
I'm a QA Engineer doing research on Security Testing. I found that
w3af is a very good tool which supports so many vulnerability types and
authenticated tests as well.
I just tried the tool for testing CSRF attacks in a web application, and the
same application was tested with the Tamper Data Firefox add-on as well (need
to test page by page manually). I'm happy to say that I got almost similar
results in both tools.
My intention was to evaluate w3af in order to get it adopted into our
security testing process and reduce the time taken for testing with the Tamper
tool. It seems my evaluation succeeded with positive results, and it seems we
can use w3af instead of Tamper Data and reduce a lot of time.
I used w3af with the spider_man plugin, accessed the system manually and let
the tool run for auditing CSRF.
However, here we have monthly releases and have to do the same
testing every month. In that case, do I need to enable the spider_man plugin and
access the whole system manually each time? Isn't there a way to do
this only one time, get the URLs saved and reuse them?
Even though there are lots of tutorials and mailing lists on the
internet, I couldn't find an answer for this. Please be kind enough to help
me and let me know whether this is possible with w3af. Thanks in advance.
Regards,
--
*Manori Wijesooriya* QA Engineer | *OrangeHRM Inc.*
www.orangehrm.com | www.orangehrmlive.com
Twitter <http://twitter.com/#%21/search/orangehrm> | LinkedIn
<http://www.linkedin.com/groups?gid=891077&trk=hb_side_g> | Facebook
<http://www.facebook.com/OrangeHRM>
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users