Explore how scripting in ZAP can bridge the gap between development teams and security in this 41-minute conference talk. Delve into opportunities, obstacles, and solutions for integrating security practices into development workflows. Learn about the tester mindset, test theory, and practical steps for implementing security testing. Discover the benefits of using ZAP's scripting capabilities, including Zest, and how they compare to traditional tools. Gain insights on ISO compliance, security hardness, and the challenges faced by different development types. Conclude with a recap, summary, and references for further exploration, including information on playgrounds and the possibility of mixing Zest with Python.
How Scripting in ZAP Can Bridge the Gap Between Dev Teams and Security
Overview
Syllabus
Introduction
Who am I
Who is in the room
Opportunities
Security
Obstacles
Learning
Dev Type Line
Multiple Choice
Biggest Obstacle
Security Hardness
ISO Compliance
Tester Mindset
Test Theory
Solution
Testers
Step 1 Learning
Step 2 Testing
PIPI Scanner
Zest
Demo
Questions
Benefits
Traditional tools
Recap
Summary
References
Playgrounds
QA
Can you mix Zest in Python
Taught by
OWASP Foundation
