0.5 is up for grabs

The long awaited 0.5 release of Websecurify is available for download now. This release includes numerous improvements and paves the road to future technology innovations we are going to introduce in the following months.

As always, if you have any question, suggestions or recommendations for what future releases should be like, please drop us an email. We will be very happy to hear from you.

Websecurify 0.5RC1 Is Available for Download

The binaries are available from the download section. Thank you for making this software better with every single release.

What's New in Websecurify 0.5

Here is the updated list of the new exciting features that are coming in Websecurify 0.5:

• Improved user interface.
• The workspace window now has an Issue view which provides detailed information on each finding.
• Detailed reports which can be exported in CSV, HTM, XML and JSON.
• More complete spidering and analytical engines.
• Websecurify 0.5 will be able to detect CRLFI, LFI, Directory Listing, System Path disclosure vulnerabilities and it will be able to successfully extract other useful information while testing.
• The test engine is more capable and easily extensible.
• Internationalization is now supported everywhere including the reporting engine. This means that reports can be translated into any of the supported languages
• Many other small improvements which make Websecurify 0.5 a great product.

If you have any suggestions or bug reports please send them here.

Websecurify 0.5Beta1 Is Available for Download

The binaries are available from the download section. Thank you for making this software better with every single release.

Websecurify 0.5 in all of its Glory

The Upcoming 0.5

There are many exciting improvements in the upcoming release of Websecurify. For a start, many internal components have been rewritten for clarity, the performance has been vastly improved and the core API has been made even more stable and dynamic.

Here are some of the improvements in a bit more detail.

1. The welcome screen is still the same. It is nice and clean... the way we like it. Underneath you will find new features which will allow you to dynamically create, launch and manipulate tests, reports and workspaces.

2. Websecurify 0.5 is more than just a scanner. It is an integrated web application security testing runtime with builtin support for dynamic testing engines. In other words, Websecurify provides a powerful API to support numerous types of commercial and free testing engines. This API is also implemented and used across the entire environment. Once a scanner/testing engine is wrapped into our simple API interfaces, which btw can be written in JavaScript, Python, Java or C++, it will look, feel and act as a native component of the Websecurify environment and it will benefit all other features that come with it or as extensions.

3. The reporting engine has been vastly improved. Reports look now better and the internal code is much easier to read. There are 3 main exporting mechanism that come bultin into the environment. New mechanisms can be dynamically added. This means that the reporting engine can virtually export into any type of format.

4. A new view has been added to make issues easier to understand . Like any other part of the Websecurify Runtime, this view can be easily extended to provide any kind of additional information.

5. Websecurify 0.5 will also be available to Advanced users. The new version can record and display all HTTP transactions originating from your current workspace. This information is automatically saved into the workspace.

6. The HTTP Transactions view can be filtered to ease navigation. New filters can be dynamically integrated with the help of simple extensions.

7. Websecurify Advanced provides an integrated browser with multi-session support. You can spawn many internal browsers and browser sessions. All the browser traffic is recorded and can be easily referred to when required.

8. Every time a browser visits a page, the HTTP transaction is recorded and can be displayed and analysed if needed.

9. Session browsers can also record any subtransactions related to the currently displayed page. This method is in particular very useful when analysing complex AJAX applications as you will get a display of only the transactions specific to the current page and nothing else.

10. Many internal small improvements make the overall experience just great. A lot of time has been spent on defining clear and easier to use API to make further improvements easy to accomplish.

And this is just the beginning.

Websecurify Advanced is Coming Up in 2010

We are very excited to announce that we are soon to release Websecurify Advanced version.

The Advanced version is a fork from the Professional version and provides the core basics for writing sophisticated addons for professional use. The advanced version will come with built-in support for analysing requests and responses, ability to replay and tamper requests and a very simple, yet advanced, API to enable future extensions including but not limited to all extensions that come with Websecurify Professional.

Needless to say, Websecurify Advanced is a free product. This is our way of saying thank you to all countless open source developers who indirectly made this product possible.

From the Websecurify and GNUCITIZEN team, Happy New Year!