Explore our latest blog posts and stay secure in a digital world.
We're thrilled to introduce BugBait to the community — a purpose-built vulnerable web application for students, developers, and cybersecurity enthusiasts to sharpen their manual hacking skills and exploit a range of vulnerabilities.
In the last 6 months, I have noticed an exponential increase in hacking activities specifically targeted at CMS-based websites, i.e. WordPress and Joomla. Both these platforms offer business owners a comfortable base to build applications in no time.
Security studies have again proved that most web application security attacks (approx. 85% as per Gartner and NIST) are generated from the application layer. It has always been a challenge for developers to validate parameters in the URL, HTTP headers, HTTP requests and non-editable fields on the page.
Many times I have encountered a problem with projects where large-scale scanning of network hosts is required. In that case, you simply cannot expect your consultant to scan each host individually, analyze the output and list all vulnerable ports/services. Yes, we can even detect open ports with Nessus, but it still has a host limitation per scan.
In the process of automating network scans for large networks, there is a necessity to automate Nessus scans as well. The major advantage and most important point of this automation is that it allows you to run a scheduled scan in the Home Feed version (a feature which is only available in the Pro Feed), and the easiest part is that your scans run as if you were running them from your Nessus web interface client.
The next step is to configure ModSecurity with OWASP CRS (Core Rule Set) rules.