Great job guys !
I will be posting tutorials as soon as I can. I just hope that the manual
testing tools are stable enough.
By the way, Pypy 1.5 version was released about 3 weeks ago, which is
claimed to be the first production ready version. The maintainers show
numbers of it being less memory hungry and faster than CPython
implementation while being almost a drop-in replacement for 2.7.1 . It would
be interesting to see how w3af runs on it.
Hani
On Wed, May 25, 2011 at 9:14 PM, Andres Riancho <andres.rian...@gmail.com>wrote:
> Taras,
>
> On Wed, May 25, 2011 at 3:42 PM, Taras <ox...@oxdef.info> wrote:
> > Great news!!!11 I've reposted it in my blog [0] =)
>
> Great! Thanks for spreading the word!
>
> > [0] http://blog.oxdef.info/2011/05/w3af-10-stable-released.html
> >
> > On Wed, 2011-05-25 at 10:46 -0300, Andres Riancho wrote:
> >> List,
> >>
> >> Since our latest w3af release in mid January, and our new windows
> >> installer release a couple of months ago, we've got lots of
> >> encouraging words telling us we are going in the right direction. The
> >> objective was near and we could almost taste it. Having a stable
> >> code-base is no joke, it requires countless hours of writing
> >> unit-tests, running w3af scripts and most importantly: fixing bugs.
> >> Now, finally we're here!
> >>
> >> In this latest release, we bring you a couple of the most
> >> important improvements of our framework:
> >>
> >> * Stable code base, an improvement that will reduce your w3af
> >> crashes to a minimum. We've been working on fixing all of our
> >> long-standing bugs, wrote thousands of lines of doctests and various
> >> types of automation to make sure we can also keep improving without
> >> breaking other sections of the code.
> >>
> >> * Auto-Update, which will allow you to keep your w3af
> >> installation updated without any effort. Always get the latest and
> >> greatest from our contributors!
> >>
> >> * Web Application Payloads, for people that enjoy exploitation
> >> techniques, this is one of the most interesting things you'll see in
> >> web application security! We created various layers of abstraction
> >> around an exploited vulnerability in order to be able to write
> >> payloads that use emulated syscalls to read, write and execute files
> >> on the compromised web server. Keep an eye on the rapid7 community
> >> blog an entry completely dedicated to this subject!
> >>
> >> * PHP static code analyzer, as part of a couple of experiments
> >> and research projects, Javier Andalia created a PHP static code
> >> analyzer that performs tainted mode analysis of PHP code in order to
> >> identify SQL injections, OS Commanding and Remote File Includes. At
> >> this time you can use this very interesting feature as a web
> >> application payload. After exploiting a vulnerability try: "payload
> >> php_sca", that will download the remote PHP code to your box and
> >> analyze it to find more vulnerabilities!
> >>
> >> And many others, such as:
> >>
> >> * Refactoring of HTTP cache and GTK user interface code to
> >> store HTTP requests only once on disk (5% performance improvement)
> >> * Performance improvement in sqlite database by using indexes
> >> (1% performance improvement)
> >> * Huge w3af code-base refactoring on how URLs are handled.
> >> Moved away from handling URLs as strings into a url_object model. This
> >> reduces the number of times a URL is parsed into its component pieces
> >> (protocol, domain, path, query string, etc.) and put back together
> >> into a string, which clarifies the code and makes it run faster.
> >>
> >> We have a stable release, w0000t! Hmmmm.... have we finished? Should
> >> we go home? No! We still have work to do; there are still features and
> >> capabilities we'd like to add. For example,as you read this, we're
> >> working on integrating the multiprocessing module into w3af's code,
> >> with the objective of using more than one CPU core at the same time
> >> and substantially improve our scanning speed. We're also working on
> >> handling of encodings by the use of unicode strings across the whole
> >> framework, and making the user experience more intuitive in the UI.
> >>
> >> As usual, you can get our latest installable packages from the
> >> w3af.com [0] website! Just download and enjoy our latest improvements!
> >>
> >> [0] http://w3af.sourceforge.net/#download
> >>
> >> Regards,
> >
> > --
> > Taras
> > http://oxdef.info
> > ----
> > "Software is like sex: it's better when it's free." - Linus Torvalds
> >
> >
> >
>
>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
>
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> W3af-users mailing list
> w3af-us...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Twitter: @kroosec
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
