An Introduction to ZAP - The OWASP Zed Attack Proxy
Offered By: LASCON via YouTube
Course Description
Overview
Explore the OWASP Zed Attack Proxy (ZAP) in this 57-minute conference talk by Simon Bennetts at LASCON 2012. Learn about basic penetration testing techniques, ZAP's release history, and its core principles. Discover how ZAP is used across different countries and gain insights into its additional features. Watch a live demonstration covering various aspects such as attack history, search expressions, breakpoints, active scanning, brute force attacks, and more. Understand how to work with anti-CSRF tokens, perform fuzzing, and manage alerts including false positives. Dive into security testing practices, session management, and community involvement. Conclude with a comprehensive summary of ZAP's capabilities and its significance in web application security testing.
Syllabus
Introduction
Simons Statement
Basic Pen Testing Techniques
Release history
Principles
Countries
Information
Additional Features
Demo
Attack
History
Search
Expressions
Breakpoints
History and Sites
Active Scan
Stop It
Brute Force
Other Features
Contact Us
AntiCSRF Token
Fuzzing
Searching
Active Scanning
Testing
Alerts
False positives
Ignore alerts
Save session
Open session
Community
Security Testing
Summary Conclusions
Taught by
LASCON
Related Courses
Comparing WAF and RASP - Why?LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube