Vega

Vega is a comprehensive and efficient, Java-based piece of software that makes it possible for you to run a wide variety of security-related tests on your website in order to discover possible vulnerabilities.

Considering that Java is already installed on your computer, the application undergoes a streamlined and uneventful installation process. The main advantage of being Java-based is the fact that Vega can be run just as efficiently on the most relevant OSes out there, namely Windows, macOS and Linux.

Before we go into detail about Vega's features, you should know that this utility can be easily looked upon as two applications, wrapped together into one, namely as an automated scanner and as an 'intercepting' proxy.

Upon first launching the app, you are greeted by a typical Java interface that is mostly based on user accessibility and simplicity, more than anything else. The layout is as straightforward as they come as Vega's main window is split into three, self-explanatory tabs: the Website View, the Scan Alerts and the Scan Info.

There is another UI element that is worth mentioning, namely the top toolbar. The intuitive toolbar helps you to quickly start new scans, stop the currently running ones, to edit the target scope and to switch between two perspectives, scanner and proxy.

In spite of its complex under-the-hood technology, working with Vega is surprisingly easy. To put it simply, you are first required to choose a target. You can manually input the base URL or pick an already existing target scope.

Once the scan is started, Vega automatically crawls your website's structure and extracts links, processing forms and running models. What is more, you can get an accurate view of the browser-web-app interaction thanks to its intercepting proxy.

In just a few words, the utility analyzes the communication between the client and the servers and performs SSL interceptions. The proxy has another usage, as it can be configured to actually run test attacks while the user is browsing the target website.

To conclude, if your web service is currently dependant on lots of user sensitive information and credentials, then you are strongly advised to at least consider giving Vega a quick try.

As a web-security-related tool, it really ticks almost all the important boxes: it is cross-platform, user-friendly and it has the potential to discover a wide palette of vulnerabilities, for example, it is well equipped for finding and fixing cross-site scripting and SQL injection, just to name a few.