Simon Bennetts gave an overview of OWASP ZAP, a free and open source tool for finding vulnerabilities in web applications. ZAP is the world's most widely used web scanner, with over 85,000 direct downloads and 1 million runs in March 2020 alone. ZAP ships full releases on average twice a year, releases add-ons as and when required, and publishes weekly releases as a zip and a Docker image. The talk covered ZAP's desktop interface, its heads-up display, and its automation capabilities through the command line, packaged scans, GitHub Actions, and an API.
3. What is ZAP?
● A tool for finding vulnerabilities in web applications
● An OWASP Flagship Project
● Free and Open Source
● Cross platform
● Well maintained
● And ...
4. The world's most widely used web scanner
● > 85,000 direct downloads
● > 220,000 Docker pulls
● > 1 million runs
● In March 2020 alone!
5. Who is ZAP For?
● Developers and functional testers (QA)
● Students
● Security Professionals
6. How often is ZAP released?
● Full releases – averaging 2 a year
● Add-ons – released as and when required
● Weekly releases (zip and Docker image)
● Live Docker image