03-08-2023 01:52 PM
Hello Everyone,
I have a use case that I’m trying to test in a lab, but I can’t figure out how to perform the test, and I’m looking for guidance.
My use case is to drop traffic if the firewall detects certain CVE vulnerabilities in the traffic. My question is, how can I actually test this if my test endpoint is not vulnerable, or I do not know of a server with vulnerabilities?
03-11-2023 03:44 PM
Hello @JasonMcNulty
in lab environment I would recommend to deploy a VM with DVWA Ref , then build another VM running vulnerability scanners for example OpenVAS, Metasploit. All these are open source or have free version. As next step, please each VM into own zone, apply policy with security profiles and start scanning the DVWA server.
Kind Regards
Pavel
03-13-2023 07:07 AM
Thanks for the reply Pavel! I have created a DVWA server and I think you provided me with the final pice of the puzzle, which is to scan that server! That is what I did not try.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
