W3af Summary

The integration of w3af with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings. This collaboration enables organizations to efficiently identify, prioritize, track, and remediate vulnerabilities, thereby improving their overall security posture and risk management.

W3af Key Features

  • Data Import:

    • Import vulnerabilities from w3af into Centraleyezer, either on-demand or via automated schedules.

    • Supported formats: XML.

  • Detailed Findings:

    • Centraleyezer provides comprehensive vulnerability details detected by w3af tools.

  • Risk Scoring:

    • Configurable severity values for w3af findings, adjustable based on organizational risk policies.

  • Selective Data Import:

    • Supports filtering based on status, scan type, and severity for more precise data imports.

Considerations

  • The integration supports mapping one w3af security tool instance with one Centraleyezer instance.

  • Configuring a different w3af instance in the plugin will overwrite previously imported data.

Requirements

  • System Requirements:

    • Centraleyezer Prerequisites: Latest version of the Centraleyezer Vulnerability Management Platform recommended.

    • w3af Prerequisites: API access must be enabled with proper authentication and must support export of vulnerability findings and API-based integration.

  • Permissions and Roles:

    • Centraleyezer: Requires System Admin or Application Security Manager permissions.

    • w3af Security Tools: User access for vulnerability scan information.

    • Import mappings require admin-level permissions.

Release Notes

Version 1.0.0:

New mappings for vulnerabilities from w3af security tools during scans include:

    • Asset (Target)

    • Name

    • Description

    • Recommendation (Fix Guidance)