How to conduct a self vulnerability assessment

Posted: April 22, 2014 in Security

OWASP provides a virtual machine that contains quite a few self-assessment tools. You can download it from https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Main_Links

The virtual machine is based on Xubuntu, so you can select Ubuntu when you install it in VirtualBox.

The login username and password are owasp/owasp.

After logging in, you can open ZAP Proxy to start your own test. The Firefox browser has already been configured to work with ZAP Proxy.


To test on Windows, you can download ZAP Proxy from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.

After installation:

  • Start ZAP Proxy
  • Open http://localhost:8080/pnh/ in your Firefox browser and install the Firefox Plug-n-Hack add-on
  • Set up Firefox to use localhost:8080 as its proxy, which is the default local proxy address for ZAP

Just browse the site you want to test, and the traffic should be traced by ZAP.
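If nothing shows up in ZAP, the Firefox proxy step is the usual place to look. The following is an added example, not part of the original post: it parses a Firefox profile's prefs.js and reports why traffic to a target host would not pass through ZAP at localhost:8080. The function names and the sample preferences are constructed for illustration.

```python
import re

# Firefox stores manual proxy settings as user_pref() lines in the profile's prefs.js.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')
ZAP_HOSTS = {"localhost", "127.0.0.1"}   # loopback names for the local ZAP listener
ZAP_PORT = 8080                           # ZAP default port named in the post


def parse_prefs(text):
    """Return {pref_name: value} with strings unquoted and integers converted."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw  # true / false and anything else stay as text
    return prefs


def check_zap_proxy(prefs, target_host):
    """List reasons why traffic to target_host would not be traced by ZAP."""
    problems = []
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        problems.append("network.proxy.type is not 1 (manual proxy)")
    for scheme in ("http", "ssl"):  # "ssl" is the pref used for HTTPS traffic
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host not in ZAP_HOSTS or port != ZAP_PORT:
            problems.append(f"{scheme} traffic is not sent to localhost:{ZAP_PORT}")
    bypass = [h.strip() for h in prefs.get("network.proxy.no_proxies_on", "").split(",")]
    if target_host in bypass:
        problems.append(f"{target_host} is in no_proxies_on and bypasses the proxy")
    return problems


# Constructed sample: HTTP goes to ZAP, HTTPS was never set, localhost is excluded.
SAMPLE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
'''
if __name__ == "__main__":
    for problem in check_zap_proxy(parse_prefs(SAMPLE_PREFS), "localhost"):
        print("WARN:", problem)
```

An empty result means both HTTP and HTTPS requests to the target are routed to ZAP; the HTTPS check matters because a profile with only the HTTP proxy set leaves encrypted traffic out of the trace.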
