Do you dread the moment the web application you are working on has to go to security for a scan, only to get back a massive report from WebInspect or AppScan? Or worse, is the web application never scanned for vulnerabilities and just put into production? In this session, David takes you through OWASP Zed Attack Proxy (ZAP), an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. He shows you how to get ZAP installed and test your web application, so you can have more confidence that you won't get a massive report from security or have hackers pwn your web application first.
• What is OWASP ZAP
• Why use ZAP
• Testing for vulnerabilities with ZAP
• Automated Testing
• Directed Testing
• Integrating ZAP with other tools
  • mod_security, sqlmap, nikto
We will be using Kali 1.0.6 (http://www.kali.org/downloads/) as the attack VM and OWASP Broken Web Apps 1.1.1 (http://sourceforge.net/projects/owaspbwa/files/1.1.1/) as the target VM.