Vega – Web security scanner and web security testing platform.
Alright, today I have an interesting topic: Vega. This blog is inspired by the last blog I wrote on web security. Vega is a tool; we will talk more about it in a while, but let's first talk about 'Why Vega'. Once you are done with your application, from development to testing, make sure you have tested it against the attacks and vulnerabilities out there on the internet. You can protect your application from security attacks and vulnerabilities when you know about them. Almost every web application has potential security risks and loopholes that stay hidden until we run a security test on them. Now you must be wondering why I am talking so much about security testing. To prevent malicious attacks on your web application, it has to be well tested. How can that be done?
There are several tools available in the market that will do this for you, and Vega is one of them. So let's talk about Vega in detail now. Vega is a web-application vulnerability tool that allows you to audit the security of your web application.
Introduction to Vega
Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, GUI based and runs on Linux, OS X, and Windows.
Vega can help you find vulnerabilities
Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.
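To make the reflected cross-site scripting finding concrete, here is an added example (not from the original post, and not Vega's own detection code) of the basic reflection check a scanner performs: submit an inert marker and see whether the response echoes it without HTML encoding. The handler functions and the marker format are hypothetical.

```python
import html
import secrets


def make_probe():
    # Constructed, inert marker: a random token wrapped in characters that
    # only matter if the application echoes them without HTML encoding.
    return f'<vg{secrets.token_hex(4)}">'


def render_vulnerable(username):
    # Hypothetical login error page that echoes the input verbatim.
    return f"<p>Unknown user: {username}</p>"


def render_fixed(username):
    # Same page with output encoding applied where the value is written.
    return f"<p>Unknown user: {html.escape(username, quote=True)}</p>"


def render_generic(username):
    # Page that never reflects the input at all.
    return "<p>Login failed.</p>"


def classify_reflection(probe, body):
    """Return 'unencoded', 'encoded' or 'absent' for the probe in a response body."""
    if probe in body:
        return "unencoded"  # reported by a scanner as possible reflected XSS
    if html.escape(probe, quote=True) in body:
        return "encoded"    # reflected, but neutralised by output encoding
    return "absent"


def audit(handlers):
    # Send a fresh probe to each handler and record how it comes back.
    findings = {}
    for name, handler in handlers.items():
        probe = make_probe()
        findings[name] = classify_reflection(probe, handler(probe))
    return findings


if __name__ == "__main__":
    pages = {"vulnerable": render_vulnerable,
             "fixed": render_fixed,
             "generic": render_generic}
    for name, result in audit(pages).items():
        print(f"{name}: {result}")
```

Only the "unencoded" result is worth reporting; a real scanner still has to confirm the context the marker lands in before calling it a vulnerability.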
How does Vega work?
Features of Vega
- GUI Based
Vega has a well-designed graphical user-interface.
Vega is written in Java and runs on Linux, OS X, and Windows.
How to install Vega?
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install vega
Alternatively, you can download it from https://subgraph.com/vega/download/
Vega in Action
As mentioned previously, Vega is a tool that comes with a GUI. Now that we have set up Vega, let's test a website against various security attacks and vulnerabilities.
Let's test www.getcodesquad.com/login against vulnerabilities and loopholes and see if it has any.
What does the Vega GUI look like?
First test on Vega
Click on the “Start New Scan” button in the top left corner. A new pop-up will open, like the one below.
Enter the website's URI to scan it against vulnerabilities and loopholes. After entering all the details, hit the “Next” button and choose the modules to run. It is recommended to choose all the modules for better testing. After you finish, you will see the scanner in progress, and once the scan is completed you will see the results.
Here you go. We ran the scanner on the above-mentioned link and the results are as follows
Above is the result of the scan done on http://www.getcodesquad.com/login
If you run into any challenges, do let me know in the comments. If you enjoyed this post, I'd be very grateful if you'd help it spread. Keep smiling, keep testing! Cheers!