Penetration testing

Now that we have seen how to secure our message broker, we also need to verify that this setup is actually in place and really prevents attackers from bringing down the message broker or stealing messages. For this purpose, you can build your own custom tool for penetration testing of the message broker, which performs the following functions:

  • It checks whether the guest/guest user is present and whether it can perform administrative activities.
  • It tries to brute-force passwords for an existing set of users, either based on a password generation policy or using a predefined password database.
  • It tries to access prohibited vhosts from a particular set of users.
  • It uses nmap to check whether the management console and RabbitMQ communication ports ...
