Difference between revisions of "Project Information:template Wapiti Project"

From OWASP
(THIS PROJECT PAGE IS UNDER WORK AND CONTAINS WRONG INFORMATION)
m
 
(21 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== THIS PROJECT PAGE IS UNDER WORK AND CONTAINS WRONG INFORMATION ==
 
 
 
 
----
 
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 11: Line 8:
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
* Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but it will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
+
Wapiti allows to audit the security of web applications in an easy way. It performs a "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable. It has two principal parts, a crawler that explores the pages of the application and the attack module that injects the payloads and evaluates their responses. Wapiti is easy to use and it can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It provides to the user a complete report (html format) with the found vulnerabilities.
* Wapiti can detect the following vulnerabilities :
+
** File Handling Errors (Local and remote include/require, fopen, readfile...)
+
** Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
+
** XSS (Cross Site Scripting) Injection
+
** LDAP Injection
+
** Command Execution detection (eval(), system(), passtru()...)
+
** CRLF Injection (HTTP Response Splitting, session fixation...)
+
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Key Project Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:apastorn(at)grupogesfor.com|'''Alberto Pastor Nieto''']<br>[mailto:nicolas.surribas(at)gmail.com|'''Nicolas Surribas''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Devloop|'''Nicolas Surribas''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contibutors<br>[mailto:name(at)name|'''Name''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Contibutors<br>[[User:Albertoes|'''Alberto Pastor Nieto''']]<br>[[User:Dpozog|'''David del Pozo González''']]
  | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-testing '''Subscribe here''']<br>[mailto:owasp-testing(at)lists.owasp.org '''Use here''']
+
  | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-wapiti-project '''Subscribe here''']<br>[mailto:owasp-wapiti-project@lists.owasp.org '''Use here''']
  | style="width:14%; background:#cccccc" align="center"|License<br>[http://www.gnu.org/copyleft/lesser.html GNU "Lesser" GNU Public License (LGPL)]
+
  | style="width:14%; background:#cccccc" align="center"|License<br>[http://www.gnu.org/copyleft/lesser.html '''GNU Lesser General Public License''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Alpha_Status_Projects|'''Tool''']]
 
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Alpha_Status_Projects|'''Tool''']]
 
  | style="width:15%; background:#cccccc" align="center"|Sponsors<br>if any, add link
 
  | style="width:15%; background:#cccccc" align="center"|Sponsors<br>if any, add link
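Review bot: The new Short Project Description cell replaces the bulleted list of detected classes with "(XSS, SQL Injection, File Handler Errors...)", so LDAP Injection, Command Execution detection, CRLF Injection and XPath Injections are no longer stated anywhere in the cell; keep the list, or name those classes in the paragraph, so readers can still see what the scanner covers. In the same hunk the added contributors line still reads "Project Contibutors" (should be "Contributors"), and the new mailing-list mailto uses a literal "@" where the removed line used "(at)", which exposes the list address to harvesting if that obfuscation was intentional.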
Line 33: Line 23:
 
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''  
 
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''  
 
  |-
 
  |-
  | style="width:29%; background:#cccccc" align="center"|Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Tool Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP Testing Guide 3.0 - Assessment Frame|Please see here for complete information.]]
+
  | style="width:29%; background:#cccccc" align="center"|Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Tool Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP Wapiti Project - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
[https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf OWASP Testing Guide V 3.0/PDF] - NEW RELEASE!!!<br>About OWASP Testing Guide V 3.0: [http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt PowerPoint]<br>[[:OWASP Testing Guide v3 Table of Contents|OWASP Testing Guide v3 Table of Contents]]  
+
[http://www.ict-romulus.eu/web/wapiti '''OWASP Wapiti Project''']<br>
  | style="width:29%; background:#cccccc" align="center"|[[:Image:OWASP Testing Guide v2 pdf.zip|OWASP Testing V 2.0]]<br>[[:Category:OWASP Guide Project|OWASP Development Guide Project]]<br>[[:Category:OWASP Code Review Project|OWASP Code Review Project]]<br>[[:Category:OWASP ASDR Project|OWASP ASDR Project]]
+
[http://sourceforge.net/projects/wapiti/ '''Project's Sourceforge Repository''']
 +
  | style="width:29%; background:#cccccc" align="center"|[http://www.ict-romulus.eu '''ICT Romulus Project''']
 
  |}
 
  |}
 
----
 
----
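Review bot: The added Release Status line keeps the label typo "Apha Quality"; correct it to "Alpha Quality" while the line is being touched. The new Main Links entries and the ICT Romulus link use plain http:// URLs, whereas the removed Testing Guide PDF link used https://; prefer https:// for the new targets where the sites serve it.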

Latest revision as of 02:49, 29 April 2009


PROJECT INFORMATION
Project Name OWASP Wapiti Project
Web application vulnerability scanner / security auditor
Short Project Description

Wapiti makes it easy to audit the security of web applications. It performs "black-box" scans, acting like a fuzzer: it injects payloads to see whether an application is vulnerable. It has two principal parts: a crawler that explores the pages of the application, and an attack module that injects the payloads and evaluates the responses. Wapiti is easy to use and can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It gives the user a complete report (HTML format) listing the vulnerabilities found.

Key Project Information
Project Leader: Nicolas Surribas
Project Contributors: Alberto Pastor Nieto, David del Pozo González
Mailing List: Subscribe here / Use here
License: GNU Lesser General Public License
Project Type: Tool
Sponsors: if any, add link
Release Status: Provisory Alpha Quality (under review). Please see here for complete information.
Main Links: OWASP Wapiti Project; Project's Sourceforge Repository
Related Projects: ICT Romulus Project