Web Application Attack and Audit Framework 1.0 arrives
The w3af development team has released version 1.0 of its Web Application Attack and Audit Framework (w3af). Commenting on the release, the developers say: "Having a stable code-base is no joke, it requires countless hours of writing unit-tests, running w3af scripts and most importantly: fixing bugs," adding: "Now, finally we're here!"
The project's first stable 1.0 release features an auto-update function that allows users to keep their w3af installation updated "without any effort" and, according to the developers, reduces "crashes to a minimum". Other changes include support for Web Application Payloads, various performance improvements in the SQLite database and a PHP static code analyser that performs tainted mode analysis of PHP code in order to identify SQL injections. The developers note that a "huge" codebase refactoring has also taken place that affects how URLs are handled.
Written in Python, w3af is a framework that allows users to easily "find and exploit web application vulnerabilities". The project offers more than 130 plugins that check for issues such as SQL injection, cross-site scripting (XSS) and local and remote file inclusion. A number of video demos are provided on the project's web site.
Further details about the release, including a full list of new features, can be found in the official release announcement. Version 1.0 of w3af is available to download as a .tar.bz2 compressed file or as a Windows installer. Hosted on SourceForge, the Web Application Attack and Audit Framework source code is licensed under the GPL.