[Openvas-devel] OpenVAS and Web App Security
Christian Kuersteiner
ckuerste at gmx.ch
Wed Oct 21 05:51:28 CEST 2009
Vlatko Kosturjak wrote:
> We have also integrated w3af ( http://w3af.sf.net ) recently.
>
> Here's the link to the NVT on OpenVAS SVN trunk:
> http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log
>
>
> Best regards,
>
> Kost
>

Ah, that's great. Thanks for the information.

For me the question arises of which direction we would like to go.
Should we try to integrate as many external tools as possible (like w3af,
nikto) and let the user customize the parameters as much as possible? Or
should we try to integrate a scanning engine of our own, e.g. with the
engine of opensqling (thanks Christian for the hint!)?

On one side, as an auditor I like to customize as much as possible. On
the other side, I think admins like to use a vuln scanner as a
shoot-and-forget tool where they tweak the parameters once in a while but
otherwise don't bother too much with the fine tuning.

I think a lot of great work has already been done in web app scanning and
there is not really a need for reinventing the wheel. The question is
what OpenVAS should support and how.

Christian