December 13, 2009

Assessing and Exploiting Web Applications with the open-source Samurai Web Testing Framework

This week, on December 10, I participated in the first OWASP international conference celebrated in Spain, and specifically, in Iberia. IBWAS'09, the Iberic Web Application Security Conference, organized by the Spanish and Portuguese OWASP chapters, promoted the need for (web) application security controls, and I predict it will be the conference of reference in the region in upcoming years. It was interesting to start by listening to Bruce Schneier talking about the present and future of the information security industry.

As an active member of the Samurai-WTF project, my presentation described Samurai-WTF's main purpose plus its recent additions, available from the official SVN repository. I ended with a hacking demo to demonstrate the power of integrating multiple attack tools in a single platform for web-app pen-testing exercises:

The Samurai Web Testing Framework (WTF) is an open-source LiveCD focused on web application security testing. It includes an extensive collection of pre-installed and pre-configured top penetration testing and security analysis tools, making it the perfect environment for assessing and exploiting web applications. The tool categorization guides the analyst through the web-app penetration testing methodology, from reconnaissance, to mapping, discovery and exploitation.
This talk describes the actively developed Samurai WTF distribution, its tool set, including the recently created Samurai WTF Firefox add-ons collection (to convert the browser into the ultimate pentesting tool), the advanced features provided by the integration of multiple attack tools, plus the new tool update capabilities.

If you are interested in the project, start by checking the "Assessing and Exploiting Web Applications with the open-source Samurai Web Testing Framework" presentation, and join the project on sourceforge.net (and the mailing list).

Become a Samurai!

2 Comments:

Anonymous said...

Thanks for the presentation! All the best with the new adventure.

8:30 PM  
Tokwear said...

Amazing guys

6:37 AM  
