The sys admin’s daily grind: w3af

Braving the Gap

Author(s):

After toiling away to create a small but exclusive website, Charly wanted to run a security scanner against it to check for vulnerabilities. The choice of tools is enormous, but Charly chose w3af.

Penetration testing is really a task for specialists who are familiar with the tools of the trade, understand potential vulnerabilities and attack vectors, and test them on a case-by-case basis. The basic principle is not to fire a broadside at the target but carefully to identify the weak points and select an attack method to match. Suitable tools certainly are not lacking, and Metasploit and OpenVAS are totally over the top if you just want to check whether your new website contains any bugs that expose it to cross-site scripting or SQL injection. For performing a small check, I prefer to use the Web Application Attack and Audit Framework (w3af).

Our Services

Read full article as PDF » 069-069_charly.pdf (886.59 kB)
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF » 069-069_charly.pdf (886.59 kB)

Tag Cloud

Android Bruce Byfield Gnome KDE Linux Pro Magazine Open Source Projects Red Hat Ubuntu events foss free software google linux

News