[Owasp-board] Fw: [W3af-users] OWASP SoC 2008
jeff.williams at owasp.org
Wed Mar 19 13:17:17 UTC 2008
Will w3af become an official "OWASP Project"? For me, that's a big factor
in whether we can approve a grant.
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of tomb at owasp.org
Sent: Wednesday, March 19, 2008 5:48 AM
To: OWASP Foundation Board List
Subject: [Owasp-board] Fw: [W3af-users] OWASP SoC 2008
I have been working with Andres on making this happen for over 6+ months.
I believe that this submission will greatly raise the visibility of OWASP as
a de facto tool and open.
He has also agreed to be a speaker for NYC 2008, I hope we can get this one
From: Andres Riancho
Sent: Mar 18, 2008 10:34 PM
Subject: [W3af-users] OWASP SoC 2008
I would like to let you know that Facundo has submitted w3af to
the OWASP SoC 2008. We have been working on this idea for some time,
and after some serious thinking and definition of the tasks to perform
during those months we decided to submit this:
Specific activities and who will carry out these activities
- Design and code new windows and interfaces to increase the
functionality of the project.
- Tuning of the process workflow, allowing a more intuitive way of working.
- Visual polishing for a more pleasant and intuitive tool.
- Usability tests and improvements.
Specific deliverables and a rough project schedule so we can track progress
New features implemented in the pyGTK user interface:
- Local proxy to trap and modify requests and responses sent from a browser.
- Manually send a request and analyze the response.
- Manually create a fuzzed requests based on tokens, so user can
construct easily differents HTTP request with a regex-like semantics.
- Wizard to perform a vulnerability assessment.
- Graphical display of site map and vulnerabilities.
- Reload a plugin after its edited from within the pyGTK user interface.
- Embebed tool to encode/decode URL/Base64 and to hash sha1/md5.
- HTTP response side by side content compare.
Usability improvements in the pyGTK user interface:
- Meetings with a usability expert that the w3af team leader has
already contacted and worked with.
- Kill all pending bugs and make a stable release.
- Users guide for the pyGTK user interface.
- Help system for the GUI itself
The submission is still to be approved but I have a lot of faith
on it ! =) If this really happens, w3af will be one step closer to be
a full featured framework ! The complete submission can be found here:
Web Application Attack and Audit Framework
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
W3af-users mailing list
W3af-users at lists.sourceforge.net
Sent via BlackBerry from T-Mobile
Owasp-board mailing list
Owasp-board at lists.owasp.org
More information about the Owasp-board