Blog

The Official Websecurify Release 0.3 is Out

The official Websecurify Release 0.3 is OUT. You can download it from the usual place or the main website.
This release completes the 0.3 cycle. In other words, there will be no more 0.3 releases. The next one is 0.4, which will bring a lot more innovation and a very different core architecture. 0.4Alpha1 together with Websecurify Pro should be expected somewhere in the next couple of weeks.

I would also like to use the opportunity to thank everybody who has tested Websecurify so far. In particular I would like to thank gerard.hache, jahboite, ryan (ethicalhack3r) and Dave Hewson for providing early feedback, patches and support. I would also like to thank all Twitter users who re-tweeted my posts and as such helped to spread the word.

Websecurify Snapshots Preview

This is a preview of the Websecurify Pro Snapshot feature.

More Screenshots from Websecurify Pro

Here are some more screenshots from the upcoming Websecurify Pro.



Yes, it is awesome!

Extensions Writing Guide and More

With the release of 0.3RC2 we are preparing a tutorial that shows how easy it is to write a new extension for the Websecurify platform. Although we are going to put a lot of effort into pouring all of our experience into this guide, we hope that you can give us a hand.

If you have experience with either xulrunner or Firefox extension development and you think that you can spare a few minutes to dump some of your experience into the extensions writing guide, please do let us know.

Websecurify 0.3RC2 is Out

Websecurify 0.3RC2 is out and you can download it from our source code repository.

This release consists mostly of stability patches. A lot of the code has been refactored and prepared for Websecurify Pro, which will be released soon.

Early Preview of Websecurify Pro

It won't be ready until Websecurify 0.4 or even Websecurify 0.5, but here it is - a work in progress.



What you see is Websecurify Pro packed together with another awesome extension I am going to talk about some other time.

How to Report Issues

It is essential for us that we keep in touch with the community. If you encounter any errors, bugs or defects within the software, or you would like to see a certain feature implemented, you can either log your request/report at our issue tracker or visit our groups and drop us a message there.

Websecurify 0.3RC1 is Out

Websecurify 0.3 Release Candidate 1 is out. You can download it from the source code repository over here. Give it a try and let us know about bugs, features, etc.

Again, this is not the official 0.3 release.

Why Websecurify?

You may ask yourself: what is so different about the Websecurify Security Testing Framework? I am planning to go into a bit more detail on this topic on the GNUCITIZEN blog. However, here and now I would like to list some of the key features:

  1. JavaScript - Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
  2. Multiple Environments - The core technology can run in normal browsers, xulrunner, xpcshell (command line), inside Java or as part of a custom V8 (Chrome's JavaScript Engine) build. The core is written with extensibility in mind so that more environments can be supported without changing even a single line of code.
  3. Multi-platform - The tool is available and successfully runs on Windows, Mac OS, Linux and other operating systems.
  4. Automatic Updates - Every single piece of the tool is subjected to automatic updates. This means that newer and more advanced versions of the tool can be shipped to your front door without you lifting your finger. This however is completely optional. The automatic update can be turned off if needed.
  5. Extensions - Because the tool comes wrapped in xulrunner by default (keep in mind that we can support any other JavaScript environment) we benefit from all the cool features that Firefox has, such as extensions. Extensions are easy to write and maintain and can customize every single aspect of the tool, and there are already tons of resources and documentation, including books and what not, out there to teach you exactly how to do that. We will be providing documentation as well.

And these are just a few of the good features we support by default. Of course, there is always room for improvement and therefore we will keep working on the areas that require our attention.

Source Code Repository and Groups

We are soon to release Websecurify 0.3RC1, which is very exciting as this is the first version that will be available for all major operating systems. In the meantime, you can check our source code repository here or subscribe to the groups (mailing list) over here.

It would be very helpful and interesting if you told us what you want to see in upcoming versions of Websecurify, and we also hope that we can turn the groups into an excellent place for sharing ideas and techniques related to web and web2.0 security.

Stay tuned! The good stuff is yet to come.

Websecurify 0.3, XPCSHELL and Monkey Patches

Websecurify 0.3 is coming along nicely. We've added tons of new features including automatic detection for CSRF, various types of cookie vulnerabilities and other types of low-hanging fruit. Some of the major improvements in 0.3 include:

  • The new main screen now has a button that allows you to log in to the targeted application before proceeding with the automated test.

  • The reporting system has been refactored successfully and now reports are a lot more detailed and provide loads of new features.

  • The 0.3 version also comes with a monkey-patch (mockup) environment for xpcshell so that the entire testing engine can be launched as a command line utility. More on that to be expected soon.

This, however, is not all. We are working on many more improvements to be released as Websecurify 0.3. Stay tuned!

Upcoming Things in Websecurify

We are currently busy rewriting the Websecurify sys libraries in C++. The 0.3 update of the software is planned to be released soon. There is also a pro version planned for release soon. And this pretty much sums it up. Stay tuned!

Websecurify 0.2 for Mac is Out


Good news! Websecurify 0.2 for Mac is already out. This version only performs tests for XSS and SQLI issues, but a solid framework is in place so more kinds of tests will be added pretty soon.

Websecurify can be downloaded from www.websecurify.com.

Websecurify Security Scanner v0.2 Sneak Peek


More screenshots of the upcoming Websecurify Web Application Security Scanner.