Hani,
On Wed, May 25, 2011 at 5:24 PM, Hani Benhabiles <kroo...@gmail.com> wrote:
> Great job guys !
> I will be posting tutorials as soon as I can. I just hope that the manual
> testing tools are stable enough.
> By the way, Pypy 1.5 version was released about 3 weeks ago, which is
> claimed to be the first production ready version. The maintainers show
> numbers of it being less memory hungry and faster than CPython
> implementation while being almost a drop-in replacement for 2.7.1 . It would
> be interesting to see how w3af runs on it.
Hmmm, interesting! One of our next goals is going to focus on
memory usage and CPU performance improvements, so this might come very
handy!
Regards,
> Hani
>
> On Wed, May 25, 2011 at 9:14 PM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> Taras,
>>
>> On Wed, May 25, 2011 at 3:42 PM, Taras <ox...@oxdef.info> wrote:
>> > Great news!!!11 I've reposted it in my blog [0] =)
>>
>> Great! Thanks for spreading the word!
>>
>> > [0] http://blog.oxdef.info/2011/05/w3af-10-stable-released.html
>> >
>> > On Wed, 2011-05-25 at 10:46 -0300, Andres Riancho wrote:
>> >> List,
>> >>
>> >> Since our latest w3af release in mid January, and our new windows
>> >> installer release a couple of months ago, we've got lots of
>> >> encouraging words telling us we are going in the right direction. The
>> >> objective was near and we could almost taste it. Having a stable
>> >> code-base is no joke, it requires countless hours of writing
>> >> unit-tests, running w3af scripts and most importantly: fixing bugs.
>> >> Now, finally we're here!
>> >>
>> >> In this latest release, we bring you a couple of the most
>> >> important improvements of our framework:
>> >>
>> >> * Stable code base, an improvement that will reduce your w3af
>> >> crashes to a minimum. We've been working on fixing all of our
>> >> long-standing bugs, wrote thousands of lines of doctests and various
>> >> types of automation to make sure we can also keep improving without
>> >> breaking other sections of the code.
>> >>
>> >> * Auto-Update, which will allow you to keep your w3af
>> >> installation updated without any effort. Always get the latest and
>> >> greatest from our contributors!
>> >>
>> >> * Web Application Payloads, for people that enjoy exploitation
>> >> techniques, this is one of the most interesting things you'll see in
>> >> web application security! We created various layers of abstraction
>> >> around an exploited vulnerability in order to be able to write
>> >> payloads that use emulated syscalls to read, write and execute files
>> >> on the compromised web server. Keep an eye on the rapid7 community
>> >> blog an entry completely dedicated to this subject!
>> >>
>> >> * PHP static code analyzer, as part of a couple of experiments
>> >> and research projects, Javier Andalia created a PHP static code
>> >> analyzer that performs tainted mode analysis of PHP code in order to
>> >> identify SQL injections, OS Commanding and Remote File Includes. At
>> >> this time you can use this very interesting feature as a web
>> >> application payload. After exploiting a vulnerability try: "payload
>> >> php_sca", that will download the remote PHP code to your box and
>> >> analyze it to find more vulnerabilities!
>> >>
>> >> And many others, such as:
>> >>
>> >> * Refactoring of HTTP cache and GTK user interface code to
>> >> store HTTP requests only once on disk (5% performance improvement)
>> >> * Performance improvement in sqlite database by using indexes
>> >> (1% performance improvement)
>> >> * Huge w3af code-base refactoring on how URLs are handled.
>> >> Moved away from handling URLs as strings into a url_object model. This
>> >> reduces the number of times a URL is parsed into its component pieces
>> >> (protocol, domain, path, query string, etc.) and put back together
>> >> into a string, which clarifies the code and makes it run faster.
>> >>
>> >> We have a stable release, w0000t! Hmmmm.... have we finished? Should
>> >> we go home? No! We still have work to do; there are still features and
>> >> capabilities we'd like to add. For example,as you read this, we're
>> >> working on integrating the multiprocessing module into w3af's code,
>> >> with the objective of using more than one CPU core at the same time
>> >> and substantially improve our scanning speed. We're also working on
>> >> handling of encodings by the use of unicode strings across the whole
>> >> framework, and making the user experience more intuitive in the UI.
>> >>
>> >> As usual, you can get our latest installable packages from the
>> >> w3af.com [0] website! Just download and enjoy our latest improvements!
>> >>
>> >> [0] http://w3af.sourceforge.net/#download
>> >>
>> >> Regards,
>> >
>> > --
>> > Taras
>> > http://oxdef.info
>> > ----
>> > "Software is like sex: it's better when it's free." - Linus Torvalds
>> >
>> >
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>>
>>
>> ------------------------------------------------------------------------------
>> vRanger cuts backup time in half-while increasing security.
>> With the market-leading solution for virtual backup and recovery,
>> you get blazing-fast, flexible, and affordable data protection.
>> Download your free trial now.
>> http://p.sf.net/sfu/quest-d2dcopy1
>> _______________________________________________
>> W3af-users mailing list
>> w3af-us...@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
>
> --
> Twitter: @kroosec
>
>
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
