YoVDO

An Introduction to ZAP - The OWASP Zed Attack Proxy

Offered By: LASCON via YouTube

Tags

LASCON Courses, Cybersecurity Courses, Penetration Testing Courses, Web Application Security Courses, Fuzzing Courses

Course Description

Overview

Explore the OWASP Zed Attack Proxy (ZAP) in this 57-minute conference talk by Simon Bennetts at LASCON 2012. Learn about basic penetration testing techniques, ZAP's release history, and its core principles. Discover how ZAP is used across different countries and gain insights into its additional features. Watch a live demonstration covering various aspects such as attack history, search expressions, breakpoints, active scanning, brute force attacks, and more. Understand how to work with anti-CSRF tokens, perform fuzzing, and manage alerts including false positives. Dive into security testing practices, session management, and community involvement. Conclude with a comprehensive summary of ZAP's capabilities and its significance in web application security testing.

Syllabus

Introduction
Simon's Statement
Basic Pen Testing Techniques
Release history
Principles
Countries
Information
Additional Features
Demo
Attack
History
Search
Expressions
Breakpoints
History and Sites
Active Scan
Stop It
Brute Force
Other Features
Contact Us
AntiCSRF Token
Fuzzing
Searching
Active Scanning
Testing
Alerts
False positives
Ignore alerts
Save session
Open session
Community
Security Testing
Summary Conclusions


Taught by

LASCON
