OWASP's Zed Attack Proxy (ZAP) is one of the most powerful tools in the world of Application Security testing. It is an OWASP Project that is widely used, well-supported and managed by an active community of developers, contributors, and users. However, despite ever-increasing awareness and acceptance of the tool, the full extent of ZAP’s capabilities is seldom utilized.
This training introduces participants to some of the more advanced use-cases of OWASP ZAP, especially in areas such as (but not limited to):
● OWASP ZAP API - Use of ZAP’s powerful API to perform automated Application Security Scanning with
● Use of OWASP ZAP within Continuous Integration and Deployment environments - For instance, use of ZAP for continuous scanning with CI services like Jenkins
● Leveraging Functional Automation Tests written in Selenium and other Unit Testing Frameworks to perform “parameterized” scanning with OWASP ZAP
● Leveraging OWASP ZAP’s powerful Scripting Framework to create custom scripts to perform everything from reconnaissance to advanced vulnerability detection and exploitation.
● Extend ZAP’s capability to Acceptance Driven Testing, with we45’s powerful Robot Framework integration for OWASP ZAP.
Who can benefit from this training?
This training is beneficial to both security and development teams. Application security professionals can learn how to get more out of OWASP ZAP while development and QA engineering teams can learn how to integrate functional automation scripts with ZAP.
"Parameterised Scanning" is the practice of creating or leveraging software test automation as an input for Application Security Testing. Here's how you can run parameterised scanning with NightwatchJS and ZAP.
In this webinar, we illustrate, with the help of live demonstrations, the gamut of possibilities that the OWASP Zed Attack Proxy API and scripting bring for development and security engineering teams alike.
The Zed Attack Proxy (ZAP) is an open source tool maintained under OWASP. In this article, we throw some light on some features that make ZAP the go-to tool for any security tester.