SubGraph Launches Beta of Vega, an Open Source Platform for Web Application Security Testing

by NextMontreal on July 5, 2011

SubGraph has just announced the release of Vega 1.0 (beta). Vega is an open source platform for web application security testing. We spoke with the founder, David Mirza, back in November.

Vega is GUI-based and runs on Linux, Mac OS X and Windows. It’s written in Java and based on the Eclipse RCP framework. The core of Vega is its automated scanner and intercepting proxy.

The automated scanner crawls a web application, analyzing pages and looking for interesting content and injection points. Vega runs modules on the web application that test for vulnerabilities or analyze content. These modules are written in JavaScript and are entirely customizable. Vega modules can generate alerts to make users aware of the findings.

Vega also includes an intercepting proxy. The proxy is situated between a browser and the target application, intercepting all requests and responses between them. Users can view the interaction of the client with the website, intercepting and modifying requests and responses to probe and verify possible vulnerabilities. The proxy is also capable of intercepting HTTPS communications with dynamically generated man-in-the-middle certificates.

Users can also write their own modules on top of Vega and extend it significantly.

