Spider AJAX Spidter Fuzzer Context Scan Policy Manager Break Point Scrit Baseline Scan Passive Scanner Brute force scanner Port scanner Dynami SSL certificates API Beanshell integration Auto tagging Advanced Scanning Zest Plug-n-hack

Workflow • Intercepting the traffic • Traditional and AJAX spiders • Automated scanners • Analysing the scan results • Reporting

Video Tutorial

https://owasp-academy.teachable.com/courses/ https://github.com/zaproxy/zaproxy/wiki/Videos

OWASP Top 10 Vulnerabilities

Injection
Broken authentication and session management
Cross-site scripting (XSS)
Insecure direct object references
Security misconfiguration
Sensitive data exposure
Missing function-level access control
Cross-Site Request Forgery (CSRF)
Using components with known vulnerabilities
Unvalidated redirects and forwards

https://www.slideshare.net/psiinon/owasp-2015-06appseceuzap24 https://www.slideshare.net/adigupt09/the-owasp-zap-rn-d-presentation

https://www.slideshare.net/ColdFusionConference/owasp-zap https://www.slideshare.net/adigupt09/the-owasp-zap-rn-d-presentation

https://www.slideshare.net/psiinon/2014-0730-owasp-zap-course-canberra-1

https://www.slideshare.net/psiinon/javaone-2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Video Tutorial

FilesExpand file tree

OWASPVulnerabilities.md

Latest commit

History

OWASPVulnerabilities.md

File metadata and controls

Video Tutorial