Wapiti brochure


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wapiti brochure

  1. 1. ARGENTINA COLOMBIA GRUPO GESFOR CHILE MEXICO PANAMA PERU SPAIN U.S.A. VENEZUELA Wapiti, Web application vulnerabity scanner and security auditor Wapiti is an open source project lead by Nicolas Surribas and the Spanish company Grupo Gesfor, developed within the 7th Framework Programme European project named “Romulus”. Wapiti allows to audit the security of web applications and detect potential vulnerabilities with a black box approach, launching simulated attacks in the same way as a real attacker would do. The tool is aimed at both security auditors and web application developers, frequently lacking solid IT security background. The application is easy to use with the default configuration and performs the attacks with no human interaction. Security auditors, on the other hand, can take the most from Wapiti thanks to its advanced configuration options that would allow checking specific or personalised security aspects of a web site or application. International recognition Open Web Application Security Project (OWASP), one of the most important non-profit organizations in the field of ICT security, has recognized the usefulness of this tool, including Wapiti as Alpha OWASP Project and distributing Wapiti in the OWASP Live CD Project. In less than one year, Wapiti has been downloaded more than 25.000 times from its Sourceforge page. A project in continuous evolution Wapiti project will be included and improved within VulneraNET scope, a Spanish R&D project funded by the Spanish Ministry of Industry, Tourism and Trade. The main new features of Wapiti will be a source code analysis engine and the ability to access to a security knowledge base to directly propose remediation for the found vulnerabilities, as well as the inclusion of integration with GoogleWave, in order to provide a collaborative ethical hacking environment infrastructure. http://www.ict-romulus.eu/web/wapiti
  2. 2. SPANISH HEADQUARTERS Avda. Manoteras, 32 - Edificio GESFOR Wapiti Features 28050 MADRID Tlfs: (34) 91 304 80 94 Main Vulnerabilities Detected Fax: (34) 91 754 50 52 SUNION Wapiti can detect and identify the most frequent and critical vulnerabilities found in web HR Consulting and Training applications: Tlfs: (34) 91 440 00 66 Fax: (34) 91 440 01 64 File Handling Errors. GERMINUS Tlfs: (34) 91 304 80 94 Database Injection (SQL Injections and XPath Injections). Fax: (34) 91 754 50 52 XSS (Cross Site Scripting). SOUTHERN STAR Tlfs: (34) 91 372 98 60 LDAP Injection. Fax: (34) 91 307 62 27 Command Execution detection. SUBSIDIARIES CRLF Injection (HTTP Response Splitting, session fixation...) GESFOR ARGENTINA Tlfs: (54 11) 4371 94 31 - 4374 45 53 4373 50 68 - 4373 50 93 Extensibility GESFOR COLOMBIA Wapiti can be easily extended to include new types of attacks thanks to its modular architecture; (HEADQUARTERS) Tlfs: (57 1) 635 68 70 - 635 68 92 each attack is implemented as a module, independent from the rest. Wapiti also allows the Fax: (57 1) 691 26 12 configuration of malicious characters strings or payloads, which can be injected into the existent GESFOR COLOMBIA attacks to expand them. (SOFTWARE FACTORY) Tlfs: ( 57 1) 353 15 55 - 353 15 56 Fax: ( 57 1) 283 88 23 Vulnerabilities Reports GESFOR CHILE (HEADQUARTERS) Wapiti generates reports of the found Tlfs: (56 2) 571 50 00 vulnerabilities, which can be exported to Fax: (56 2) 571 50 30 different formats: HTML, XML or plain GESFOR MÉXICO text. Reports are targeted to programmers Tlfs: (52 5) 555 23 27 57 and developers, an audience that GESFOR PANAMA frequently does not have IT security Tlfs: (507) 663 88707 Skype: (507) 340 6444 background, providing easy-to- Fax: (507) 340 6446 understand, comprehensive information GESFOR PERU to help solving the vulnerabilities. (SOFTWARE FACTORY) Tlfs: (511) 330 16 61 - 330 30 60 The reports contain detailed information Fax: (511) 330 62 11 about the found vulnerabilities, with INFORMÁTICA GESFOR VENEZUELA illustrative evidence of the successful Tlfs: (58 212) 264 04 25 / 267 78 39 (58 212) 267 46 93 / 263 23 19 attacks, that can be reproduced for clarity. Fax: (58 212)263 78 14 The vulnerabilities also have a natural GESFOR USA Inc language description and explanation, Tlfs: (1) 3053 778 777 generic mitigation solution to solve them and references to web pages with information about each vulnerability. Vulnerabilities Reports Image Wapiti web site: http://www.ict-romulus.eu/web/wapiti Download site: http://sourceforge.net/projects/wapiti/ Grupo Gesfor Grupo Gesfor is a Spanish multinational was founded in Grupo Gesfor is aware of the importance of the research and 1985 by a selected group of Spanish engineers that came innovation as one of the main engines of current economy from the energy, electricity and tourism sectors. Their mission and, for this reason, it keeps a strong commitment to R&D was to create a premier Spanish multinational that would (over $5 million). provide global IT and HR solutions to its customers in Spain and abroad. Today, Grupo Gesfor has over 2,200 professionals Our group, specialized in technological consulting, pays and 8 international subsidiaries (Argentina, Colombia, Chile, special attention to R&D activities, specially the ones oriented Mexico, Panama, Peru, Venezuela and USA). to content management, resources optimization, mobility Our main services and solutions are ITM Consulting, EAI and traceability, e-learning or security. Our goal is identifying and Application Development, Outsourcing, Software Factory, opportunities and getting our clients closer to differential, Open Source, Systems Administration, Training, Human global and value added solutions to help them being more Resources Consulting, IT Security and Quality Methodology. competitive. For more information about our services and solutions or R&D projects, please contact marketing@gesfor.es or innovacion@grupogesfor.com http://innovacion.grupogesfor.com www.gesfor.es www.grupogesfor.com GRUPO GESFOR Encontramos soluciones tecnológicas