Cross-platform web security testing technology designed from the ground up with simplicity in mind.
Websecurify 0.5RC1 Is Available for Download
The binaries are available from the download section. Thank you for making this software better with every single release.
What's New in Websecurify 0.5
Here is the updated list of the new exciting features that are coming in Websecurify 0.5:
- Improved user interface.
- The workspace window now has an Issue view which provides detailed information on each finding.
- Detailed reports which can be exported in CSV, HTM, XML and JSON.
- More complete spidering and analytical engines.
- Websecurify 0.5 will be able to detect CRLFI, LFI, Directory Listing, System Path disclosure vulnerabilities and it will be able to successfully extract other useful information while testing.
- The test engine is more capable and easily extensible.
- Internationalization is now supported everywhere, including the reporting engine. This means that reports can be translated into any of the supported languages.
- Many other small improvements which make Websecurify 0.5 a great product.
If you have any suggestions or bug reports please send them here.
Websecurify 0.5Beta1 Is Available for Download
The binaries are available from the download section. Thank you for making this software better with every single release.
The Upcoming 0.5
There are many exciting improvements in the upcoming release of Websecurify. For a start, many internal components have been rewritten for clarity, the performance has been vastly improved and the core API has been made even more stable and dynamic.
Here are some of the improvements in a bit more detail.
1. The welcome screen is still the same. It is nice and clean... the way we like it. Underneath you will find new features which will allow you to dynamically create, launch and manipulate tests, reports and workspaces.
2. Websecurify 0.5 is more than just a scanner. It is an integrated web application security testing runtime with built-in support for dynamic testing engines. In other words, Websecurify provides a powerful API to support numerous types of commercial and free testing engines. This API is also implemented and used across the entire environment. Once a scanner/testing engine is wrapped into our simple API interfaces, which btw can be written in JavaScript, Python, Java or C++, it will look, feel and act as a native component of the Websecurify environment and it will benefit from all other features that come with it or as extensions.
3. The reporting engine has been vastly improved. Reports now look better and the internal code is much easier to read. There are 3 main exporting mechanisms that come built into the environment. New mechanisms can be dynamically added. This means that the reporting engine can export into virtually any type of format.
4. A new view has been added to make issues easier to understand. Like any other part of the Websecurify Runtime, this view can be easily extended to provide any kind of additional information.

5. Websecurify 0.5 will also be available to Advanced users. The new version can record and display all HTTP transactions originating from your current workspace. This information is automatically saved into the workspace.
6. The HTTP Transactions view can be filtered to ease navigation. New filters can be dynamically integrated with the help of simple extensions.
7. Websecurify Advanced provides an integrated browser with multi-session support. You can spawn many internal browsers and browser sessions. All the browser traffic is recorded and can be easily referred to when required.
8. Every time a browser visits a page, the HTTP transaction is recorded and can be displayed and analysed if needed.
9. Session browsers can also record any subtransactions related to the currently displayed page. This method is particularly useful when analysing complex AJAX applications, as you will get a display of only the transactions specific to the current page and nothing else.
10. Many small internal improvements make the overall experience just great. A lot of time has been spent on defining a clear and easier-to-use API to make further improvements easy to accomplish.
And this is just the beginning.








