Stephen, the main feature for 3.3 of w3af_webui is statistics & diagrams to make w3af more usable for enterprise usage. Support of AJAX web apps is good point for research. It is really difficult to implement but modern web application scanner should support it.
I have already made some experiments on integration Selenium and w3af for naturally detecting DOM-based XSS (this research available only on Russian, sorry). Such integration have and advantages and disadvantages (very slow solution). I think we will discuss it a lot with Andres and all you guys at w3af-develop@. Stay tuned ;) On 05/17/2012 06:59 PM, Stephen Breen wrote: > Great! I look forward to trying it out. > > Just curious, how to you plan to support AJAX webapps in 3.3? Using some > kind of browser automation like Selenium? > > On Thu, May 17, 2012 at 11:47 AM, Taras <ox...@oxdef.info > <mailto:ox...@oxdef.info>> wrote: > > Hi, all! > > We are glad to inform you that 3.2 version of w3af_webui has been > released. > You can get it from w3af's SVN repository [0] - we will be happy to get > feedback from you ;) > > Changelog > ========== > > * Reports now are fully stored in DB what gives us possibility to make a > lot of useful things like statistics & diagrams > * This improvement also made possible to add filtering by severity into > report's view > * New types of notifications (e.g. send e-mail notification only when > vulnerabilities are found) - now you will get it only when you really > need to know about it. > * Fixed bugs > > Our plans to 3.3 > ================ > > * statistics & diagrams to make possible understand current state and > history of target web application security > * very experimental support for testing AJAX web apps > * UI improvements > > > [0] > http://w3af.svn.sourceforge.net/svnroot/w3af/extras/w3af_webui/tags/3.2/ > > -- > Taras > http://oxdef.info > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the latest in > malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > <mailto:W3af-develop@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/w3af-develop > > -- Taras http://oxdef.info ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
