Hey, We've been quietly working for the last few months on a new platform for scanning and pen-testing web applications. It's called Vega. It's GUI-based, open source, and includes an automated scanner and intercepting proxy. We launched the beta today at FISL12. Vega is written in Java, based on Eclipse RCP, and runs nicely on OS X, Linux, and Windows. Vega is also really extensible: there's an embedded Javascript interpreter for writing custom modules. The rich API is documented on our Trac wiki. Nearly all of the vulnerability checks are Javascript modules, and it's very easy to write new ones. Vega is developed by Subgraph in Montreal and is licensed under the EPL 1.0. Download Vega 1.0 Beta at http://www.subgraph.com. You can find us in #subgraph on freenode. Looking forward to hearing beta feedback. -- David Mirza <dma@xxxxxxxxxxxx> Subgraph Vega, the Open Source Web Security Platform http://www.subgraph.com Twitter: @subgraph E73B E35A 0D3A FC28 E5A9 5266 21EB 2FBC 1C84 0AA5
