Vega – Web security scanner and web security testing platform.
Alright, today I have come up with an interesting topic: Vega. This blog is inspired by the last blog I wrote on web security. Vega is a tool, and we will talk more about it in a while, but let’s first talk about ‘Why Vega’. Once your application has gone from development through testing, make sure you have also tested it against the attacks and vulnerabilities out there on the internet. You can protect your application from security attacks and vulnerabilities when you know about them. Almost every web application has potential security risks and loopholes that stay hidden until we run a security test on it. Now you must be wondering why I am talking so much about security testing. To prevent malicious attacks on your web application, it has to be well tested. How can that be done?

There are several tools available in the market that will do this for you, and Vega is one of them. So let’s talk about Vega in detail now. Vega is a web-application vulnerability tool that allows you to audit the security of your web application.

Introduction to Vega

Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, GUI based and runs on Linux, OS X, and Windows.

Vega can help you find vulnerabilities

Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.

How does Vega work?

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.

Features of Vega

  1. GUI Based
    Vega has a well-designed graphical user-interface.
  2. Multi-platform
    Vega is written in Java and runs on Linux, OS X, and Windows.
  3. Extensible
    Vega detection modules are written in JavaScript. It is easy to create new attack modules using the rich API exposed by Vega.
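
To give a feel for the kind of logic a passive detection module contains, here is an added example that is not part of the original post and does not use Vega's module API. It is plain JavaScript that inspects a single HTTP response for inadvertently disclosed information; the function name, rule ids and sample response are all assumptions made for illustration.

```javascript
// Added example: plain JavaScript, not Vega's module API; all names are hypothetical.
const BODY_RULES = [
  { id: "stack-trace", severity: "medium",
    re: /\bat [\w$.]+\([\w$]+\.java:\d+\)|Traceback \(most recent call last\)/ },
  { id: "sql-error", severity: "medium",
    re: /You have an error in your SQL syntax|ORA-\d{5}|SQLSTATE\[\w+\]/ },
  { id: "private-ip", severity: "low",
    re: /\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b/ },
];

// Inspect one response without sending any traffic; returns a list of findings.
function inspectResponse(url, headers, body) {
  const findings = [];
  // A password field delivered over cleartext HTTP exposes credentials in transit.
  if (/^http:\/\//i.test(url) && /<input[^>]*type\s*=\s*["']?password/i.test(body)) {
    findings.push({ id: "cleartext-password-form", severity: "high", detail: url });
  }
  // Cookies should carry the HttpOnly and Secure attributes.
  for (const cookie of headers["set-cookie"] || []) {
    const name = cookie.split("=")[0].trim();
    const attrs = cookie.toLowerCase().split(";").map((s) => s.trim());
    for (const flag of ["httponly", "secure"]) {
      if (!attrs.includes(flag)) {
        findings.push({ id: `cookie-no-${flag}`, severity: "low", detail: name });
      }
    }
  }
  // Error text and internal addresses that should never reach the client.
  for (const rule of BODY_RULES) {
    const match = rule.re.exec(body);
    if (match) findings.push({ id: rule.id, severity: rule.severity, detail: match[0] });
  }
  return findings;
}

// Constructed sample response for a login page (not output from a real site).
const sampleHeaders = { "set-cookie": ["SESSIONID=abc123; Path=/; HttpOnly"] };
const sampleBody = `<form action="/login" method="post">
<input type="text" name="user"><input type="password" name="pass"></form>
<!-- debug: upstream 10.0.3.17 -->
<pre>java.lang.NullPointerException
    at com.example.LoginServlet.doPost(LoginServlet.java:42)</pre>`;

function demo() {
  return inspectResponse("http://app.example.test/login", sampleHeaders, sampleBody);
}
console.log(demo().map((f) => `${f.severity}: ${f.id} (${f.detail})`).join("\n"));
```

Each finding maps to a fix on the server side: serve the login form over HTTPS, set the missing cookie attribute, and replace verbose error pages with a generic one.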

How to install Vega?

Vega in Action

As mentioned previously, Vega is a tool and comes with a GUI. Now that we have set up Vega, let’s test a website against the various security attacks and vulnerabilities.
Let’s test www.getcodesquad.com/login against vulnerabilities and loopholes and see if it has any.

What does the Vega GUI look like?

vega_gui

First test on Vega
Click on the “Start New Scan” button in the top left corner. A new pop-up will open, like the one below.

how_to_add_target

Enter the website’s URI to scan it against vulnerabilities and loopholes. After entering all the details, hit the “Next” button and choose the modules to run. It is recommended to choose all the modules for better testing. After you finish, you will see the scanner in progress, and once the scan is completed you will see the results.

Here you go. We ran the scanner on the above-mentioned link, and the results are as follows:

scan_result

Above is the result of the scan done on http://www.getcodesquad.com/login

If you run into any challenges, do let me know in the comments. If you enjoyed this post, I’d be very grateful if you’d help it spread. Keep smiling, keep testing! Cheers!
