Rapid7 Blog

Andres Riancho  

AUTHOR STATS:

8

Nexpose Reaches OWASP Top10 Coverage

Rapid7 is proud to announce that Nexpose's 5.1 web application scanning capabilities can now detect all types of vulnerabilities in OWASP's Top10! We've completed this task with the addition of two new vulnerability checks, A5: Cross-Site Request Forgery (CSRF) and A8: Failure to Restrict…

New w3af release! (1.1)

Today we're releasing w3af's 1.1 version which includes the following changes:

- Considerably increased performance by implementing gzip encoding
- Enhanced embedded bug report system using Trac's XMLRPC
- Fixed hundreds of bugs
- Fixed critical bug in auto-update feature
- Enhanced integration with other tools (bug fixed and added more info to…

Rapid7 at OWASP AppSec US

OWASP's biggest show is just around the corner! This year's OWASP AppSec USA will be held in Minneapolis and Rapid7 is all in. We're sponsoring the show and I'm going to be participating as a speaker and will be showing w3af tips and tricks at…

w3af: winning the fight against encodings!

The Web is not only written in ASCII. Most of us in the western hemisphere are used to reading different languages which, except for a couple of letters like ñ and ç, can be represented with ASCII (see also: man ascii) but the world has…

Detecting LDAP injections

It all started to go wrong when Web applications started to replace internal desktop applications in many companies around the globe and one manager proposed: "We should authenticate access to this application using our Active Directory!" and after some minutes a developer wrote a piece…

w3af and NeXpose's web application security scanner

Little has been said about how w3af is really helping NeXpose's web application security scanner become the best in class; and even less has been said about how NeXpose is helping w3af; so I thought about writing this short blog post and telling you all…

Being Agile within an Open Source project

When I started to work at Rapid7 almost a year and a half ago, one of the first things I thought about was: "How can w3af benefit from all the methodologies, tools and ideas that Rapid7 uses to create NeXpose?", and without using too many…

w3af - And now, with a stable core

Since our latest w3af release in mid January, and our new Windows installer release a couple of months ago, we've got lots of encouraging words telling us we are going in the right direction. The objective was near and we could almost taste it. Having…