Websecurify In General
markus
beta software) without clear documentation...
The trial desktop version is more than poor and gives not a secure
feeling about the tools capabilities.
I' ve developed a PDF report extension for version <= 0.8 and from now
nobody responds to my questions concerning the future plans, bug fixes
etc.
Petko D. Petkov
Actually this is not true. The commercial offering of Websecurify is not in beta. The product is fully functional and it has been operational for a while. The price we are asking is quite fair in comparison to other vendors. For example, with Websecurify you are not locked to annual subscription models. Websecurify is sold per-major release so once you buy this version you have it and you can use it as much as you want. You don't have to deal with complex licensing schemes. The alternative is to fork 6K to one of our competitor's products which will be limited to one nominated site and then pay annual renewal fees to keep it running.
Such restrictions do not exist in our world!
Needless to say we will support every major version until and beyond next major release (under certain limits of course). For example, this February we will be releasing an update for multilingual support and the new improved Websecurify Mobile for iPhone. All current customers are getting this automatically. In March we have other updates. These sort of things you will get as part of the commercial package. We are actually pushing innovation on many different levels and this is why the customer is getting a good value for money, in fact better than anything that is currently offered out there.
Perhaps it is a good time to explain what is happening to Websecurify Basic (free version). The situation hasn't changed one bit. It is there and we will support it no matter what we do in the future. However we wont be able to release updates for it as frequent as we would like or provide for free any of the advanced features which require constant polishing and tuning and significant investment. Obviously we want to make Websecurify Basic cool and useful and as such show the product superiority so expect some good updates coming very soon. However, let me clarify on my previous point, it simply not viable to have full-time support of a free software.
Websecurify basic will remain free but community driven. This opens the product to a lot of interesting options. For example, if there is an interest to develop extensions for it, that will make the product very powerful. Perhaps even more powerful than what we are currently providing commercially. If you decide to write a XUL-based tool for Websecurify Basic, let's say SQL Injection exploitation tool built into the report workflow, that will make the product 100 times better right? Such things we are going to leave to the community. The possibilities are endless and the platform that we provide is the most customisable from all web application security testing solutions out there.
The next step for us, in terms of the free version, is to point the hot areas where the community can put resources and explain in very high level how the work can be done. That is coming soon and will appear on the wiki.
I hope that this answers your question and clears some of your doubts. Websecurify is here to stay and you will see it flourishing for many years ahead. Websecurify Basic will be still free and shipped with BackTrack and other distros by default. All browser extensions will also be free. I believe that everybody wins not because we will provide some stuff for free but because we are bringing a very innovative technology with remarkable capabilities and clearly visible potential.
pdp
--
Petko D. Petkov | GNUCITIZEN.org
PGP Key ID: 0xF2FD757A