November 7th Meetup: Hands-on introduction to OWASP BWA and ZAP

This interactive session will provide an introduction to two OWASP Projects:

• Broken Web Application (BWA) project, which releases a free virtual machine running web applications with known security vulnerabilities.
• Zed Attack Proxy (ZAP) project, which produces a free tool for testing web applications.

The goal of the session is to get attendees started working with these projects and comfortable to continue using them for self-study if desired. The OWASP BWA VM includes a variety of training applications that are well suited for people at a variety of skill levels.

In order to get the most from this session, attendees should bring a laptop with the following items downloaded / installed:

• OWASP ZAP (http://code.google.com/p/zaproxy/downloads/list), which requires a Java runtime
• A virtualization package, such as the free VirtualBox, free VMware Player, or commercial VMware Workstation
• The OWASP BWA VM (http://sourceforge.net/projects/owaspbwa/files/ or via BitTorrent at http://code.google.com/p/owaspbwa/wiki/OWASPBWABitTorrentDownload).

Please uncompress the VM before the session to save time.