Using OWASP ZAP to find vulnerabilities in your web apps

Do you dread the moment the web application you are working on has to go to security for a scan, only to get back a massive report from WebInspect or AppScan? Or worse, is the web application never scanned for vulnerabilities and just put into production? In this session, David takes you through OWASP Zed Attack Proxy (ZAP), an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. He shows you how to get ZAP installed and test your web application, so you can have more confidence that you won't get a massive report from security or have hackers pwn your web application first.

Target audience

Developers who want to be more security conscious

Assumed Knowledge

Basic knowledge of OWASP Top Ten

You will learn

  • What is OWASP ZAP
  • Why use ZAP
  • Testing for vulnerabilities with ZAP
    • Automated Testing
    • Directed Testing
  • Integrating ZAP with other tools
    • mod_security
    • sqlmap, nikto

Speaker

Dave Epler