w3af Review

It's buggy and seems to try to do too many things, but having this on a USB drive has been valuable.

What is most valuable?

Having this on a USB drive saved me so many times, and has also proven an easy way to hammer the point home when doing a physical penetration test.

How has it helped my organization?

We've been able to do lots of tests and have gotten lots of useful results.

What needs improvement?

I found it buggy, but it probably takes an expert user who knows programming to work it properly.

For how long have I used the solution?

I've used it for one year.

What was my experience with deployment of the solution?

The best free software for pen testing web applications.

What do I think about the stability of the solution?

Unfortunately, once you get around the seemingly strict set of pre-requisites to install it, it is incredibly buggy. It seems to try to do too many things and be too fancy, but simply isn't useful.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's good.

Technical Support:

It's good.

Which solution did I use previously and why did I switch?

I use many tools, but this one is always the first.

How was the initial setup?

Installation is with some kind of wizard, but the tool is very useful and easy to use. Best choice as a good starting point.

What about the implementation team?

I did it myself from their website.

What was our ROI?


Which other solutions did I evaluate?

We chose this one because it is one of the most powerful web penetration tools.

What other advice do I have?

I tried to install this on numerous systems and eventually, with help, I got it running. It needs far too many dependencies installed and there's too much messing about to be of much use. Once running, it's buggy and begs the question can it be relied upon? Even within Kali it reports website time-outs, yet Zap or Burp are able to do a successful scan. I wanted this to work so much and be able to use it as an additional check of my results but have now binned it.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

Ravi Suvvari (Top 5 Leaderboard, Real User)

Informative review.