Exploring vega: a tool for scanning vulnerabilities in penetration testing within web applications/ Sulastri Putit and Lenny Yusrina Bujang Khedif

In the realm of cybersecurity, penetration testing is essential for identifying and mitigating vulnerabilities before they can be exploited by attackers, particularly within web applications. Vega, an open-source web security scanner, stands out due to its comprehensive scanning capabilities and user-friendly interface, making it a valuable tool for vulnerability detection. This paper explores Vega’s core features, including automated scanning, manual testing, and customisable scanning profiles. It examines Vega’s effectiveness in detecting common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS) and assesses its role in enhancing the penetration testing process. Real-world case studies are discussed, demonstrating Vega’s capabilities and limitations within practical testing environments. While Vega offers strong scanning capabilities, this paper posits that its effectiveness is significantly enhanced when combined with other security tools, highlighting Vega’s potential in strengthening security postures and suggesting avenues for future development, including enhanced machine learning integration to improve detection accuracy.