W3AF Connector Page

w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements.


To import your data from the Web Application Attack and Audit Framework to the Kenna.AppSec module, you will need to leverage the w3af Connector under the Dynamic Assessment category.
The connector supports full runs only; it does not support incremental loads.

 

User Prerequisites/Connector Setup:

  • Given that the connector is an XML connector, it only requires customers to be able to export their data from w3af in XML format.
     

Configuring your Connector in Cisco Vulnerability Management

 

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select W3AF.

 

Once you select the w3af Connector the following screen will appear:

[Screenshot: w3af connector configuration screen]

 

  • Enter a name for the connector, or leave it as “w3af” if you wish.

  • Click Save and Verify.

  • If you’d like to set a connector-level asset inactivity limit, you can do that now or later. (We recommend 2-3x the scan cadence of your w3af scans.)

 

What w3af Items does Cisco Vulnerability Management Import?

| Fields in w3af | Fields in Cisco Vulnerability Management | Note |
|---|---|---|
| scaninfo > target | Application Identifier | Search for application_identifier in Cisco Vulnerability Management by using the custom query box and typing application:"" |
| vulnerability > url | URL | |
| name | Vulnerability Name | |
| -N/A- | Vulnerability Status | We do not map false positives; all vulnerabilities reported are imported in a default status of “open”. When a vulnerability is not reported in a subsequent scan, the platform auto-closes it. |
| vulnerability > message | Details | |
| -N/A- | Solution | Not passed from w3af; Cisco Vulnerability Management applies solutions based on our Fix Repository mapping. |
| severity | scanner_score | Low - 3; Medium - 6; High - 9; Else - 0 |
| plugin | CWE | Mapped by identifier, or by a manual (code-based, no human input) mapping, based on the data received. |
| Start (scan Start) | Last Seen | |
| -N/A- | Tags | No tags are presented in the XML report. As a result, no tags are imported. |

 

The Connector does not pull in the following:

  • Custom fields

  • Tags (if any)

 
Optional Settings

The following settings can be enabled on the backend for w3af Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Skip Tags

    • This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the scanner metadata.

  • Ignore Scanner Last Seen Time

    • Enable this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner-reported last seen time.

  • Tag Reset

    • This setting will assist in keeping your scanner metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

    • If you have created any manual tags, or any tags were created from the metadata of other connectors, that tag information will be removed. Tags from other connectors will be refreshed once those connectors are rerun.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

 

Common Reasons for w3af Connector Run Failures

  • Unexpected data

    • If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.

  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run.
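A local pre-upload check for the "Unexpected data" failure above, which also previews the field mapping from the table. This is an added example, not Cisco or w3af code; the XML layout of the sample report, the dictionary key names and the choice of name and url as required attributes are assumptions.

```python
import xml.etree.ElementTree as ET

# Severity -> scanner_score values from the mapping table on this page.
SCORES = {"low": 3, "medium": 6, "high": 9}

# Constructed sample export. The element/attribute layout is an assumption
# inferred from the field paths in the table, not an official w3af schema.
SAMPLE = """<w3afrun start="1700000000">
  <scaninfo target="http://app.example.test/"/>
  <vulnerability name="SQL injection" severity="High" plugin="sqli"
                 url="http://app.example.test/item?id=1">
    <message>Constructed finding text.</message>
  </vulnerability>
  <vulnerability name="Server banner" severity="Information"
                 plugin="server_header" url="http://app.example.test/"/>
  <vulnerability severity="Low" plugin="click_jacking"/>
</w3afrun>"""

def preview(xml_text):
    """Return (rows, problems) for a report; dict keys are hypothetical names."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return [], ["report declares a DTD or entities; not parsed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    scaninfo = root.find("scaninfo")
    target = scaninfo.get("target") if scaninfo is not None else None
    problems = [] if target else ["missing scaninfo > target"]
    rows = []
    for i, vuln in enumerate(root.iter("vulnerability"), 1):
        missing = [a for a in ("name", "url") if not vuln.get(a)]
        if missing:
            problems.append(f"vulnerability #{i}: missing {', '.join(missing)}")
            continue
        rows.append({
            "application_identifier": target,
            "url": vuln.get("url"),
            "vulnerability_name": vuln.get("name"),
            "details": (vuln.findtext("message") or "").strip(),
            "scanner_score": SCORES.get((vuln.get("severity") or "").lower(), 0),
            "last_seen": root.get("start"),
            "status": "open",  # every imported finding starts as open
        })
    return rows, problems

if __name__ == "__main__":
    rows, problems = preview(SAMPLE)
    print(*rows, *problems, sep="\n")
```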

 

Additional Assistance:

Please contact Support should you require any additional assistance with the w3af Connector.
