Past Meetup

Using OWASP ZAP to find vulnerabilities in your web apps

This Meetup is past

53 people went

Location image of event venue

Details

Do you dread when the web application you are working on has to go to security for a scan, only to get a massive report from Web Inspect or App Scan? Or worse, the web application is never scanned for vulnerabilities and just put into production? In this session, David takes you through OWASP Zed Attack Proxy (ZAP), an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Showing you how to get ZAP installed, test your web application, and have more confidence that you won't have a massive report from security or hackers pwn your web application first.

• What is OWASP ZAP

• Why use ZAP

• Testing for vulnerabilities with ZAP

• Automated Testing

• Directed Testing

• Integrating ZAP with other tools

• mod_security, sqlmap, nikto

We will be using Kali 1.0.6 (http://www.kali.org/downloads/) as the attack VM and OWASP Broken Web Apps 1.1.1 (http://sourceforge.net/projects/owaspbwa/files/1.1.1/) as the target VM.