Security testing web applications in your internal network using Beagle Security Cosmog

What is Beagle Security Cosmog?

The Cosmog configuration allows you to run security tests for applications in your internal network without having to expose them on the internet. 

The Cosmog client installed in your internal network connects with the Cosmog server to establish a secure link between the Beagle Security testing engine and your organization's private network.  

A single installation is enough to run tests for all the applications in your internal network. If required, you have the option to set up different profiles, each responsible for a separate internal network or location. 

Once you start a security test, the Cosmog server will be ready to accept connections from the on-prem client. All you have to do is start the Cosmog client. Once you initiate the client, a secure encrypted channel is established between Beagle Security and your network. This makes sure that all traffic for the penetration test is end-to-end encrypted and protected. 

Adding a profile

1. Click on your profile dropdown and select Settings 

2. Select Organization --> Cosmog configuration 

3. Click on Add New Profile button 

4. Give it a Profile name, select Bridge IP address, Test IP range and click Save

    

Bridge IP address – A unique IP address that needs to be assigned for the Cosmog client. Make sure that the IP address is not assigned to any other internal devices or systems.  

Test IP range – The IP address/IP range of the application(s) that need to be security tested. It should be specified as CIDR range.

Installation process

For installing the Cosmog client in your network, follow the below procedure: 

1. Click on your profile dropdown and select Settings 

2. Select Cosmog configuration under Organization 

3. Select a Profile and click on the Install button 

4. From the resulting pop-up modal, select the installation type and the platform 

5. Copy the command and run it on your host machine 

Note: If your host machine runs on Mint, Ubuntu, etc you can select the Platform as Debian and if it's Fedora, Red Hat, etc you can select Platform as centOS. 

How to add an internal application and start a test?

1. While adding a new application, you can select whether it’s a Public or Internal application  

2. After selecting Internal, you can then select whether it’s a web application or API and provide the Project Name and Application name 

3. Next, select the relevant Cosmog client profile, enter the URL and port number. By default, the port will be selected as 80 

   

4. Click on the Test button to check the connection 

5. Add user input (if required) and click on the Start test button