Reputation: 43
Vulnerability assessment on a website deployed on VM
I'm tasked to do a vulnerability assessment on the OWASP Juice shop that is hosted on a VM. The VM that is provided to me is running on VMWare (no UI, only an IP address to access the website with a custom port number). I've used Nmap, Nikto, OpenVAS, and Nessus with almost all settings related to web application scans.
The problem is all these tools are detecting the VM itself, showing that the port number of the website is open and some useless information but nothing else. I would appreciate any help.
Upvotes: 0
Views: 211
Answers (1)
Reputation: 6216
You need to use a tool designed for attacking websites, like OWASP ZAP. Note that Juice Shop is designed to teach people how to find vulnerabilities. Many of the issues it contains are not easily discoverable by automated tools like ZAP.
Upvotes: 2
Related Questions
- Web Applications Security
- OWASP top ten attacks and Spring Security
- Web Application Infrastructure
- Load testing against web application installed in VM
- Veracode testing , Detecting and fixing flaws
- How secure a web application with OpenAM
- Web application development on Virtual Machine
- Under construction web security
- web application attacks and must have defence methods