[Owasp-board] Fw: [W3af-users] OWASP SoC 2008

tomb at owasp.org tomb at owasp.org
Wed Mar 19 09:47:39 UTC 2008

I have been working with Andres on making this happen for over 6+ months. 
I believe that this submission will greatly raise the visibility of OWASP as a de facto tool and open.

He has also agreed to be a speaker for NYC 2008, I hope we can get this one approved.  

------Original Message------
From: Andres Riancho
To: W3af-users
Sent: Mar 18, 2008 10:34 PM
Subject: [W3af-users] OWASP SoC 2008


    I would like to let you know that Facundo has submitted w3af to
the OWASP SoC 2008. We have been working on this idea for some time,
and after some serious thinking and definition of the tasks to perform
during those months we decided to submit this:

Specific activities and who will carry out these activities

- Design and code new windows and interfaces to increase the
functionality of the project.
- Tuning of the process workflow, allowing a more intuitive way of working.
- Visual polishing for a more pleasant and intuitive tool.
- Usability tests and improvements.

Specific deliverables and a rough project schedule so we can track progress

New features implemented in the pyGTK user interface:
- Local proxy to trap and modify requests and responses sent from a browser.
- Manually send a request and analyze the response.
- Manually create a fuzzed requests based on tokens, so user can
construct easily differents HTTP request with a regex-like semantics.
- Wizard to perform a vulnerability assessment.
- Graphical display of site map and vulnerabilities.
- Reload a plugin after its edited from within the pyGTK user interface.
- Embebed tool to encode/decode URL/Base64 and to hash sha1/md5.
- HTTP response side by side content compare.

Usability improvements in the pyGTK user interface:

- Meetings with a usability expert that the w3af team leader has
already contacted and worked with.
- Kill all pending bugs and make a stable release.


- Users guide for the pyGTK user interface.
- Help system for the GUI itself

    The submission is still to be approved but I have a lot of faith
on it ! =) If this really happens, w3af will be one step closer to be
a full featured framework ! The complete submission can be found here:


Andres Riancho
Web Application Attack and Audit Framework

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
W3af-users mailing list
W3af-users at lists.sourceforge.net

Sent via BlackBerry from T-Mobile

More information about the Owasp-board mailing list