All integrations
DAST

w3af integration

Export the w3af scan as XML and upload it against the w3af source.

Scan types imported

  • Web application attack & audit framework findings

File import

XML

The template walks one vulnerability element per finding.

What Centraleyezer expects in the file

  • Per finding: vulnerability name (attribute), description and fix guidance, attached to the scan target.

How imported findings are risk-scored

Every w3af finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the w3af integration live

Book a demo and we’ll connect your w3af data and walk through risk-based prioritisation on your own findings.

w3af Integration — Setup & Imported Scan Types