There are many exciting improvements in the upcoming release of Websecurify. For a start, many internal components have been rewritten for clarity, the performance has been vastly improved and the core API has been made even more stable and dynamic.
Here are some of the improvements in a bit more detail.
The welcome screen is still the same. It is nice and clean... the way we like it. Underneath you will find new features which will allow you to dynamically create, launch and manipulate tests, reports and workspaces.
Websecurify 0.5 is more than just a scanner. It is an integrated web application security testing runtime with built-in support for dynamic testing engines. In other words, Websecurify provides a powerful API to support numerous types of commercial and free testing engines. This API is also implemented and used across the entire environment. Once a scanner/testing engine is wrapped into our simple API interfaces, which btw can be written in JavaScript, Python, Java or C++, it will look, feel and act as a native component of the Websecurify environment and it will benefit from all other features that come with it or as extensions.
The reporting engine has been vastly improved. Reports now look better and the internal code is much easier to read. There are 3 main exporting mechanisms that come built into the environment. New mechanisms can be dynamically added. This means that the reporting engine can export into virtually any type of format.
A new view has been added to make issues easier to understand. Like any other part of the Websecurify Runtime, this view can be easily extended to provide any kind of additional information.
Websecurify 0.5 will also be available to Advanced users. The new version can record and display all HTTP transactions originating from your current workspace. This information is automatically saved into the workspace.
The HTTP Transactions view can be filtered to ease navigation. New filters can be dynamically integrated with the help of simple extensions.
Websecurify Advanced provides an integrated browser with multi-session support. You can spawn many internal browsers and browser sessions. All the browser traffic is recorded and can be easily referred to when required.
Every time a browser visits a page, the HTTP transaction is recorded and can be displayed and analysed if needed.
Session browsers can also record any sub-transactions related to the currently displayed page. This method is particularly useful when analysing complex AJAX applications, as you will get a display of only the transactions specific to the current page and nothing else.
Many small internal improvements make the overall experience just great. A lot of time has been spent on defining a clear and easier-to-use API to make further improvements easy to accomplish.
And this is just the beginning.