Vega – Web security scanner and web security testing platform.
Alright, Today I have come up with an interesting topic which is Vega and this blog is inspired by the last blog I wrote on web security. Vega is nothing but a tool, we will talk more about Vega in a while but let’s first talk ‘Why Vega’. So, next when you are done with your application from development to testing make sure you have tested it against attacks and vulnerabilities out there on the internet. You can protect your application from security attacks and vulnerabilities when you know about them. Almost every web application has potential security risks and loopholes that are hidden until we run a security test on them. Now you must be wondering why I am talking so much about security testing so much. In order to prevent malicious and security attacks on your web application, It has to be well tested. How it can be done?
There are several tools available in the market which will be doing this for you and Vega is one of them. It is the web-application vulnerability tool which allows you to audit the security of your web-application.
Introduction-
Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. It can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, GUI based and runs on Linux, OS X, and Windows.
Vega can help you find vulnerabilities
It can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. It also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.
How does Vega work?
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. It can be extended using a powerful API in the language of the web: Javascript.
Features-
- GUI Based
Vega has a well-designed graphical user-interface.
- Multi-platform
Vega is written in Java and runs on Linux, OS X, and Windows.
- Extensible
Vega detection modules are written in Javascript. It is easy to create new attack modules using the rich API exposed by Vega.
How to install Vega?
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install vega
Alternatively, You can download it from here https://subgraph.com/vega/download/
Vega in Action
As mentioned previously Vega is a tool and comes with a GUI. So, Now we have set up Vega already let’s test a website against the various security attacks and vulnerabilities.
Let’s test www.getcodesquad.com/login against vulnerabilities and loopholes and see if It has any.
How does Vega’s GUI look like?
First test on Vega
Click on “Start New Scan” button in the top left corner. A new pop-up would open-up like below
Enter the website’s URI to scan it against vulnerabilities and loopholes. After entering all the details hit the “Next” button and choose the modules to run, It is recommended to choose all the modules for better testing and after you finish it, You will the scanner in progress and once the scan is completed you would see the results.
Here you go. We ran the scanner on the above-mentioned link and the results are as follows
Above is the result of the scan done on http://www.getcodesquad.com/login
If you find any challenge, Do let me know in the comments. If you enjoyed this post, I’d be very grateful if you’d help it spread.Keep smiling, Keep testing! Cheers!
