Using OWASP ZAP to find vulnerabilities in your web apps


Details
NOTE: THIS MEETING IS ON THE 4TH WEDNESDAY OF THE MONTH, NEEDED TO MOVE DUE TO ORGANIZERS SCHEDULING CONFLICT, PLEASE MAKE NOTE OF THIS CHANGE!!!!!!!
Please join me in an Adobe Connect Meeting:
http://experts.adobeconnect.com/novacfug-owaspzap/
----------------
Do you dread when the web application you are working on has to go to security for a scan, only to get a massive report from Web Inspect or App Scan? Or worse, the web application is never scanned for vulnerabilities and just put into production? In this session, David takes you through OWASP Zed Attack Proxy (ZAP), an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. He shows you how to get ZAP installed and test your web application, so you can have more confidence that you won't get a massive report from security, or have hackers pwn your web application first.
Target audience
Developers who want to be more security conscious
Assumed Knowledge
Basic knowledge of OWASP Top Ten
You will learn:
What is OWASP ZAP
Why use ZAP
Testing for vulnerabilities with ZAP
    Automated Testing
    Directed Testing
Integrating ZAP with other tools
    mod_security
    sqlmap, nikto
David Epler is a Software Architect with AboutWeb in Rockville, MD. As a member of AboutWeb's solutions team, he has built, deployed, and maintained systems compliant with the most demanding regulations and mandates needed to pass security certification and accreditation for Federal Government clients. He has been developing with ColdFusion since version 4 and is an active member of the ColdFusion community.
David has contributed to several open source ColdFusion projects and frameworks, along with the blog he maintains (http://www.dcepler.net/). He was responsible for creating and maintaining Unofficial Updater 2 (http://uu-2.info/), which made patching ColdFusion 8 and 9 significantly easier before the Hotfix installer was introduced in ColdFusion 10. He also contributed the Security chapter for Learn CF in a Week (http://www.learncfinaweek.com/?campaign=DavidEpler). David has been a speaker at various user groups and conferences like CFUnited, NCDevCon, cf.Objective(), and Adobe Government Technology Summit. He co-manages the Capital Area Cyber Security User Group in the Metro-DC Area (https://www.meetup.com/Capital-Area-Cyber-Security/).
