Solution: the Virtual machine OWASP BWA can be downloaded from: https://sourceforge.net/projects/owaspbwa/

The file (~2 GB file) is a compressed zip folder in .7z format, so you might need a tool like 7zip to extract it.

If you need to log in to the BWA machine, the credentials for OWASP BWA should be (username:password): root:owapbwa

Problem: How do I install Nessus and OpenVAS on my system or Kali Linux VM?

Solution: Nessus is cross-platform and should work on any OS, but OpenVAS would be easier to install on the Kali VM or a Linux distribution.

For Nessus it should be preinstalled on Kali but you can also obtain the Free version from: https://www.tenable.com/products/nessus

For OpenVAS you can install this on your Linux distro like Kali Linux, and the commands below can help with installing the software in the terminal emulator.

- sudo apt install gvm to install Greenbone Vulnerability Management (gvm)
- sudo gvm-setup to set up the tool for first-time use
- sudo gvm-feed-update to update the feed only
- sudo gvm-start/stop to start or stop the service

You are tasked to perform a vulnerability assessment on one of the web servers. You will be able to understand how vulnerability scanners like Nessus and vulnerabilities might reside on the system. As well researching and coming up with security controls that can be implemented to remediate of

NOTE: Do not scan devices (public or internal) you don't have permission to scan.

The Software/Tools you will use are:
- Virtualization Platform of choice (example VirtualBox / VMware product)
- OWASP BWA (Broken Web Application) virtual Machine
- Kali Linux VM
- Nessus
- OpenVAS (probably easier to use the GSM OpenVAS appliance)

1. Perform Vulnerability scan with the free version of Nessus on the OWASP BWA VM (credentialed or non-credentialed scan)
   - Provide a screenshot demonstrating the use of the tool
2. Perform another vulnerability scan using OpenVAS vulnerability scanner on the OWASP BWA VM (credentialed or non-credentialed scan)
   - Provide a screenshot demonstrating the use of the tool
3. Compare the results from the reports Nessus and OpenVAS generated
   - Research and describe at least 2 to 3 of the findings in the high, medium, and low severity on the report
   - Note: Looking into the various vulnerability or exploit databases could provide additional information
   - Make recommendations regarding what security controls can be implemented to mitigate/remediate the vulnerability
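For the comparison in task 3, the following is an added example (not part of the original question or answer) that lines up CSV exports from both scanners by host, port and CVE and reports which findings overlap, which appear in only one report, and where the severity ratings disagree. The column names, the CVE placeholders and the sample rows are constructed assumptions; adjust the column names to the headers in your own exports. Findings that carry no CVE are skipped and need to be compared by hand.

```python
import csv
import io

# Constructed sample exports. Column names are assumptions modelled on each
# scanner's CSV export; change them to match the headers in your reports.
NESSUS_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
900001,CVE-0000-0001,10.0,Critical,192.0.2.10,tcp,80,Constructed finding A
900002,CVE-0000-0002,5.0,Medium,192.0.2.10,tcp,443,Constructed finding B
900003,,0.0,None,192.0.2.10,tcp,22,Constructed informational
"""
OPENVAS_CSV = """IP,Port,Port Protocol,CVSS,Severity,NVT Name,CVEs
192.0.2.10,80,tcp,9.8,High,Constructed NVT A,"CVE-0000-0001,CVE-0000-0003"
192.0.2.10,443,tcp,4.3,Medium,Constructed NVT B,CVE-0000-0002
192.0.2.10,8080,tcp,2.6,Low,Constructed NVT C,
"""

def load(text, cve_col, sev_col, host_col, port_col):
    """Return {(host, port, cve): severity} for every finding that names a CVE."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        # One row may list several CVEs separated by commas.
        for cve in filter(None, (c.strip() for c in row[cve_col].split(","))):
            findings[(row[host_col], row[port_col], cve)] = row[sev_col].lower()
    return findings

def compare(nessus, openvas):
    """Split findings into shared / scanner-specific sets and severity disagreements."""
    both = nessus.keys() & openvas.keys()
    return {
        "both": sorted(both),
        "nessus_only": sorted(nessus.keys() - openvas.keys()),
        "openvas_only": sorted(openvas.keys() - nessus.keys()),
        "severity_differs": sorted(
            (k, nessus[k], openvas[k]) for k in both if nessus[k] != openvas[k]),
    }

def run_sample():
    n = load(NESSUS_CSV, "CVE", "Risk", "Host", "Port")
    o = load(OPENVAS_CSV, "CVEs", "Severity", "IP", "Port")
    return compare(n, o)

if __name__ == "__main__":
    for section, items in run_sample().items():
        print(section)
        for item in items:
            print("  ", item)
```

Entries under severity_differs are good candidates for the research step, since the two scanners rate the same CVE differently.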
