How to conduct a self vulnerability assessment

Posted: April 22, 2014 in Security
Tags: , , ,

OWASP provides an virtual machine that contains quite a few self assessment tools. You can download it from

The virtual machine is based on Xubuntu and you can select ubuntu when you install from virtualbox.

The login user and password is owasp/owasp.

After login, you can open ZAP proxy to start your own test. The firefox browser has been configured to work with ZAP Proxy.


To test in windows, you can download ZAP Proxy from

After installation,

  • Start ZAP proxy
  • Open http://localhost:8080/pnh/ in your Firefox browser and install the Firefox plug-n-hack add-on
  • Setup your firefox proxy to use localhost:8080 as proxy, which is the default local proxy for ZAP.

Just browse the site you want to test, it should be traced by ZAP.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s