[Openvas-devel] OpenVAS and Web App Security

Christian Kuersteiner ckuerste at gmx.ch
Wed Oct 21 05:51:28 CEST 2009

Vlatko Kosturjak wrote:
> We have also integrated w3af ( http://w3af.sf.net ) recently.
> Here's link to the NVT on OpenVAS SVN trunk:
> http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log 
> Best regards,
> Kost
Ah, that's great. Thanks for the information.

For me the question is rising in which direction we would like to go. 
Should we try to integrate as many external tools (like w3af, nikto) and 
let the user customize the parameters as much as possible? Or should we 
try to integrate some own scanning engine e.g. with the engine of 
opensqling (thanks Christian for the hint!).
On one side as an auditor I like to customize as much as possible. On 
the other side I think admins like to use a vuln scanner as a shoot and 
forget tool where they tweak the parameters once in a while but 
otherwise don't bother too much with the fine tuning.
I think a lot of great work is already done in web app scanning and 
there is not really a need for reinventing the wheel. The question is 
what and how OpenVAS should support it.


More information about the Openvas-devel mailing list