w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements.
To import your data from the Web Application Attack and Audit Framework to the Application Security Module, you will need to leverage the w3af Connector under the Dynamic Assessment category.
The connector is a full-run connector only; it does not support incremental loads.
User Prerequisites/Connector Setup:
- You must be able to export data from w3af in XML format.
- You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section, click w3af.
4. On the w3af page, enter the following information:
- Name: Enter a name for the connector, or leave it as w3af.
- Asset Inactivity Limit: Enter a time in days for the connector-level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.
5. Click Save.
What w3af Items does Cisco Vulnerability Management Import?
| Fields in w3af | Fields in Cisco Vulnerability Management | Note |
| --- | --- | --- |
| scaninfo > target | Application Identifier | Search for application_identifier in Cisco Vulnerability Management by using the custom query box and typing application:"" |
| vulnerability > url | URL | |
| name | Vulnerability Name | |
| -N/A- | Vulnerability Status | Cisco Vulnerability Management does not map false positives; all reported vulnerabilities are imported with a default status of "open". If a vulnerability is not reported in a subsequent scan, the platform auto-closes it. |
| vulnerability > message | Details | |
| -N/A- | Solution | Not passed from w3af. Cisco Vulnerability Management applies solutions based on its Fix Repository mapping. |
| severity | scanner_score | Low - 3 |
| plugin | CWE | Mapped based on identifier or manual (code-based, no human input) mapping based on the data received |
| Start (scan Start) | Last Seen | |
| -N/A- | Tags | No tags are present in the XML report. As a result, no tags are imported. |
The Connector does not import the following:
- Custom fields
- Tags (if any)
Optional Settings
The following settings can be enabled on the backend for w3af Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
Exclude Informationals
When this option is enabled, Cisco Vulnerability Management will import only vulnerabilities that include a CVE, CWE, or WASC ID.
Skip Tags
This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Tag Reset
This setting assists you in keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.
If you have created any manual tags or any tags were created off of metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for w3af Connector Run Failures
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the connector run.
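The following Python sketch, added here as an illustration and not part of Cisco's or w3af's own code, shows how the field mapping table, the default "open" status, the Exclude Informationals setting and the 1% payload-failure rule above fit together. The sample report is constructed from the field names in the table and may differ from a real w3af export; the plugin-to-CWE lookup is an assumed stand-in for the platform's own mapping.

```python
import xml.etree.ElementTree as ET

# Constructed sample report, not a real w3af export: element and attribute names
# follow the mapping table above. The last finding lacks a url (bad payload).
SAMPLE_REPORT = """<w3af-run>
  <scaninfo target="https://app.example.test/"/>
  <vulnerability name="Cross site scripting vulnerability" plugin="xss"
                 severity="Low" url="https://app.example.test/search">
    <message>The URL parameter "q" is vulnerable to XSS.</message>
  </vulnerability>
  <vulnerability name="Interesting HTML comment" plugin="html_comments"
                 severity="Information" url="https://app.example.test/">
    <message>A developer note was found in an HTML comment.</message>
  </vulnerability>
  <vulnerability name="Broken record" plugin="xss" severity="Low"/>
</w3af-run>
"""

SEVERITY_TO_SCORE = {"Low": 3}  # the page documents only the Low -> 3 mapping
PLUGIN_TO_CWE = {"xss": "CWE-79", "sqli": "CWE-89"}  # illustrative (assumption)

def map_vulnerability(vuln, target):
    # One <vulnerability> element -> the Cisco VM fields listed in the table.
    return {
        "application_identifier": target,
        "url": vuln.attrib["url"],          # required: missing -> KeyError
        "vulnerability_name": vuln.attrib["name"],
        "status": "open",                   # default; auto-closed when no longer reported
        "details": (vuln.findtext("message") or "").strip(),
        "solution": None,                   # not passed from w3af
        "scanner_score": SEVERITY_TO_SCORE.get(vuln.get("severity")),
        "cwe": PLUGIN_TO_CWE.get(vuln.get("plugin")),
        "tags": [],                         # no tags in the XML report
    }

def import_report(xml_text, exclude_informationals=False, max_fail_ratio=0.01):
    # Parse untrusted reports with defusedxml in production; stdlib is used here.
    root = ET.fromstring(xml_text)
    target = root.find("scaninfo").get("target")
    vulns = root.findall("vulnerability")
    records, failed = [], 0
    for vuln in vulns:
        try:
            rec = map_vulnerability(vuln, target)
        except KeyError:
            failed += 1                     # payload not in the expected format
            continue
        if exclude_informationals and rec["cwe"] is None:  # no CVE/CWE/WASC id
            continue
        records.append(rec)
    run_failed = bool(vulns) and failed / len(vulns) > max_fail_ratio
    return {"records": records, "failed_payloads": failed, "run_failed": run_failed}
```

With the sample above one of three payloads is malformed, so the run exceeds the 1% threshold and is marked failed even though the two valid findings were mapped.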
Additional Assistance:
Contact Cisco Support if you require any additional assistance with the w3af Connector.