Overview
Explore the new Heads Up Display feature of OWASP Zed Attack Proxy (ZAP) in this conference talk from AppSecUSA 2018. Discover how this popular free security tool can automatically detect vulnerabilities in web applications during development and testing phases. Learn about ZAP's capabilities for both automated and manual security testing, with a focus on the innovative Heads Up Display. Follow along as David Scrobonia demonstrates key features, including enabling hidden fields, attack mode, page alert icons, and scripting. Gain insights into the SAP API, understand how the Heads Up Display works under the hood, and explore its source code and service worker implementation. Whether you're a developer, tester, or experienced pentester, this talk offers valuable knowledge to enhance your web application security practices.
Syllabus
Introduction
Demo
Show Enable Hidden Fields
Attack Mode
Page Alert Icons
Scripting
SAP API
How it Works
Source Code
Service Worker
Taught by
OWASP Foundation