Overview
Explore the OWASP Zed Attack Proxy (ZAP) in this comprehensive 51-minute conference talk by Simon Bennetts. Gain insights into one of OWASP's most popular projects, designed for users with varying levels of security experience. Learn about ZAP's versatility as a tool for developers, functional testers new to penetration testing, and experienced pen testers alike. Discover the latest features, including those developed during Google Summer of Code, Plug-n-Hack, and the Zest scripting language. Get a sneak peek at upcoming capabilities not yet available in similar tools. Delve into topics such as security regression tests, enhanced sessions, SAML 2.0, CMS scanner, dynamic actions, and more. Understand ZAP's principles, main features, and various use cases through practical demonstrations and explanations from Simon Bennetts, the OWASP ZAP Project Leader and Mozilla Security Automation Engineer.
Syllabus
Intro
What is ZAP? - An easy-to-use webapp pentest tool
ZAP Principles
Ohloh Statistics
User Questionnaire
The Main Features - All the essentials for web application testing
How can you use ZAP?
Security Regression Tests
Enhanced Sessions
SAML 2.0
CMS Scanner
Dynamic actions
Plug-n-Hack - Phase 1
Scripting
Zest - Overview
Zest - Use cases
Zest - Passive Scan Rule
Zest - Statements
Zest - Runtime
Plug-n-Hack - Phase 2
ZAP Hackathon!
Conclusion
Taught by
OWASP Foundation