Overview
Explore the powerful OWASP Zed Attack Proxy (ZAP) in this comprehensive 58-minute tutorial. Dive into this free, open-source integrated penetration testing tool for identifying vulnerabilities in web applications, comparable to commercial alternatives like IBM AppScan and HP WebInspect. Learn about ZAP's features, its recent developments, and how to leverage it effectively. Follow along with hands-on demonstrations using purposefully insecure web applications. Cover essential topics including installation, getting started, scanning websites, working with contexts, fuzzing, automated tests, the ZAP Marketplace, and advanced features like Zest, breakpoints, and scripting. Gain valuable insights into web application security testing and enhance your penetration testing skills with this OWASP volunteer-maintained tool.
Syllabus
Intro
The Goal
About Me
Who is ZAP for
Demo
Apps
Documentation
Installing ZAP
Getting started with ZAP
Using ZAP
Logging in
Scanning the site
Contexts
Context
Fuzzing
Can Tests
The Marketplace
Conclusion
QA
Zest
Breakpoints
Scripting
Taught by
OWASP Foundation