Web application vulnerability scanner
and security auditor
Wapiti is an open source project led by Nicolas Surribas
and the Spanish company Grupo Gesfor, developed within
the 7th Framework Programme European project named
Romulus. Wapiti audits the security of web
applications and detects potential vulnerabilities with a black
box approach, launching simulated attacks in the same
way a real attacker would.
The tool is aimed at both security auditors and web
application developers, who frequently lack a solid IT security
background. The application is easy to use with the default
configuration and performs the attacks with no human
interaction. Security auditors, on the other hand, can
get the most out of Wapiti thanks to its advanced
configuration options, which allow checking specific
or personalised security aspects of a web site or application.
The Open Web Application Security Project (OWASP), one of
the most important non-profit organizations in the field of
ICT security, has recognized the usefulness of this tool,
including Wapiti as an Alpha OWASP Project and distributing
it in the OWASP Live CD Project.
In less than one year, Wapiti has been downloaded more
than 25,000 times from its SourceForge page.
A project in continuous evolution
The Wapiti project will be included and improved within
the scope of VulneraNET, a Spanish R&D project funded by the
Spanish Ministry of Industry, Tourism and Trade. The main
new features of Wapiti will be a source code analysis engine
and the ability to access a security knowledge base to
directly propose remediation for the vulnerabilities found,
as well as integration with Google Wave,
in order to provide a collaborative ethical hacking
Main Vulnerabilities Detected
Wapiti can detect and identify the most frequent and critical vulnerabilities found in web
applications:
File Handling Errors.
Database Injection (SQL Injections and XPath Injections).
XSS (Cross Site Scripting).
LDAP Injection.
Command Execution detection.
CRLF Injection (HTTP Response Splitting, session fixation...)
Extensibility
Wapiti can be easily extended to include new types of attacks thanks to its modular architecture;
each attack is implemented as a module, independent from the rest. Wapiti also allows the
configuration of malicious character strings, or payloads, which can be injected into the existing
attacks to extend them.
Vulnerabilities Reports
Wapiti generates reports of the vulnerabilities found, which can be exported to
different formats: HTML, XML or plain text. Reports are targeted at programmers
and developers, an audience that frequently does not have an IT security
background, and provide easy-to-understand, comprehensive information
to help fix the vulnerabilities.
The reports contain detailed information about the vulnerabilities found, with
illustrative evidence of the successful attacks, which can be reproduced for clarity.
The vulnerabilities also have a natural language description and explanation,
a generic mitigation solution to solve them
and references to web pages with
information about each vulnerability.
[Vulnerabilities Reports Image]
Wapiti web site: http://www.ict-romulus.eu/web/wapiti
Download site: http://sourceforge.net/projects/wapiti/
Grupo Gesfor is a Spanish multinational founded in
1985 by a select group of Spanish engineers who came
from the energy, electricity and tourism sectors. Their mission
was to create a premier Spanish multinational that would
provide global IT and HR solutions to its customers in Spain
and abroad. Today, Grupo Gesfor has over 2,200 professionals
and 8 international subsidiaries (Argentina, Colombia, Chile,
Mexico, Panama, Peru, Venezuela and USA).
Our main services and solutions are ITM Consulting, EAI
and Application Development, Outsourcing, Software Factory,
Open Source, Systems Administration, Training, Human
Resources Consulting, IT Security and Quality Methodology.
Grupo Gesfor is aware of the importance of research and
innovation as one of the main engines of the current economy
and, for this reason, it keeps a strong commitment to R&D
(over $5 million).
Our group, specialized in technological consulting, pays
special attention to R&D activities, especially the ones oriented
to content management, resources optimization, mobility
and traceability, e-learning or security. Our goal is identifying
opportunities and bringing our clients closer to differential,
global and value-added solutions to help them be more
competitive.
For more information about our services and solutions or R&D projects, please contact email@example.com or firstname.lastname@example.org
www.grupogesfor.com
GRUPO GESFOR
We find technological solutions