All posts for the month July, 2011

Olá from Porto Alegre, Brazil. I’m here speaking at FISL 12 on open source and security. We’re also launching our beta.

So we’re pleased to officially announce the public release of the Vega platform 1.0. Vega is a GUI-based, open source platform for testing the security of web applications. It runs on Linux, Mac OS X, and Windows. The core of Vega functionality is in its automated scanner and intercepting proxy.

Vega is written in Java and based on the Eclipse RCP framework. We’ve built in the Mozilla Rhino JavaScript interpreter. It is open source software (licensed under the EPL version 1.0).

Automated Scanner

The automated scanner crawls a web application, analyzing pages and looking for interesting content and injection points. Vega runs modules on the web application that test for vulnerabilities or analyze content. These modules are written in JavaScript and are entirely customizable. Vega modules can generate alerts to make users aware of the findings.

Intercepting Proxy

Vega also includes an intercepting proxy. The proxy is situated between a browser and the target application, intercepting all requests and responses between them. Users can view the interaction of the client with the website, intercepting and modifying requests and responses to probe and verify possible vulnerabilities. The proxy is also capable of intercepting HTTPS communications with dynamically generated man-in-the-middle certificates.

Extensibility

Vega is much more than a simple web scanner and proxy. Vega is a platform on which many future web security testing methods can be implemented. In the 1.0 beta it is possible for users to write their own modules for the scanner in a language they already know, JavaScript, using an intuitive and powerful API. Alerts are XML-based and easy to customize. We’ll be writing blog posts with tutorials on developing custom Vega modules.

Get Vega

Download the Vega Platform 1.0 beta and let us know what you think. Documentation is available online here.

Finally, join us on Freenode, channel #subgraph.