Bonsai Information Security - Research

Bonsai is a company that considers Open Source and research to be its cornerstones. In the vulnerability research sector, Bonsai focuses on detecting new vulnerabilities in software and hardware products, as well as on researching new attack vectors in Web applications. The vulnerabilities reported by Bonsai can be found here.

As an outcome of our research and development tasks, Bonsai provides the community with three tools: w3af, moth and untidy, all of them released under the GPL license:

  1. w3af (Web Application Attack and Audit Framework) is a tool for vulnerability discovery and exploitation in Web applications, developed by Andrés Riancho together with worldwide contributors.

  2. untidy is a multi-purpose XML fuzzer. By using the tool you can find vulnerabilities in any software that uses XML, such as OpenOffice, Web Services and browsers.

  3. moth is a VMware image with a set of vulnerable Web applications and scripts that you may use for testing web application tools and teaching web application security.