Getting Started with OWASP Zed Attack Proxy (ZAP) for Web Application Penetration Testing
Pluralsight
Course Summary
The OWASP Zed Attack Proxy is an open source way of testing your web applications manually. This course walks through the basic functions of ZAP, giving you a look at ways this tool makes taking advantage of web application vulnerabilities possible.
-
+
Course Description
This is a starter course for those jumping into the world of web application security. ZAP is the byproduct of an open source OWASP community project and is used by everyone from those starting out in security, to QA testers, and to professional penetration testers alike. In this course, Getting Started with OWASP Zed Attack Proxy (ZAP) for Web Application Penetration Testing, you'll learn the process to run your application through a series of tests. First, you'll start by learning the interface and understanding how ZAP works with the browser. Next, you'll discover how to prepare your environment as you setup for the attack. Then, you'll get walked through some of the manual and automated function of the tool. Finally, you'll explore how to report on what you found. By the end of this course, you'll get the knowledge to have the confidence to be able to step through an application, and find some opportunities to strengthen the security posture of the software.
-
+
Course Syllabus
Course Overview- 1m 38s
—Course Overview 1m 38sInstalling and Setting up Your ZAP Environment- 37m 35s
—Open Web Application Security Project (OWASP) 3m 37s
—ZAP User Interface 7m 42s
—Proxy Setup 10m 41s
—Browser Certificate 6m 21s
—Setting up a Legal Target 6m 25s
—Summary 2m 47sPrepping Your Attack Functions- 19m 6sScanning Your Web Application Functions- 23m 49sDocumenting Found Vulnerabilities- 24m 21s
