Having this on a USB drive saved me so many times, and has also proven an easy way to hammer the point home when doing a physical penetration test.
w3af Review
It's buggy and seems to try to do too many things, but having this on a USB drive has been valuable.
What is most valuable?
How has it helped my organization?
We've been able to do lots of tests and have gotten lots of useful results.
What needs improvement?
I found it buggy, but it probably takes an expert user who knows programming to work it properly.`
For how long have I used the solution?
I've used it for one year.
What was my experience with deployment of the solution?
The best free software for pen testing web applications.
What do I think about the stability of the solution?
Unfortunately, once you get around the seemingly strict set of pre-requisites to install it, it is incredibly buggy. It seems to try to do too many things and be too fancy, but simply isn't useful.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
It's good.
Technical Support:It's good.
Which solution did I use previously and why did I switch?
I use many tools, but this one is always the first.
How was the initial setup?
Installation is with some kind of wizard, but the tool is very useful and easy to use. Best choice as a good starting point.
What about the implementation team?
I did it myself from their website.
What was our ROI?
100%.
Which other solutions did I evaluate?
We chose this one because it is one of the most powerful web penetration tools.
What other advice do I have?
I tried to install this on numerous systems and eventually, with help, I got it running. It needs far too many dependencies installed and there's too much messing about to be of much use. Once running, it's buggy and begs the question can it be relied upon? Even within Kali it reports website time-outs, yet Zap or Burp are able to do a successful scan. I wanted this to work so much and be able to use it as an additional check of my results but have now binned it.
Which version of this solution are you currently using?
1.1
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 09 2015
Find out what your peers are saying about w3af, PortSwigger, Acunetix and others in Application Security. Updated: December 2020.
454,950 professionals have used our research since 2012.
Add a Comment
Author
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
Top 5LeaderboardBuyer's Guide
Download our free Application Security Report and find out what your peers are saying about w3af, PortSwigger, Acunetix, and more!
Product Categories
Application SecurityPopular Comparisons
PortSwigger Burp
Acunetix Vulnerability Scanner
WhiteSource
Tenable.io Web Application Scanning
Buyer's Guide
Download our free Application Security Report and find out what your peers are saying about w3af, PortSwigger, Acunetix, and more!
Quick Links
- When evaluating Application Security, what aspect do you think is the most important to look for?
- Which application security solutions include both vulnerability scans and quality checks?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- How was the 2020 Twitter Hack carried out? How could it have been prevented?
- Is SonarQube the best tool for static analysis?
- What are the OWASP top 10 in 2020?
- SAST vs. DAST: Which is better for application security testing?