A step towards a secure site with ZAP

 

Prerequisite for attendees

There are no prerequisites as such; however, knowledge of the following will be beneficial:

  • Security testing and an understanding of its importance
  • Basic understanding of JMeter

 

Session Details/Overview

The session will cover the following:

* About OWASP - OWASP (Open Web Application Security Project) is an online community that produces freely available documentation, tools, and technologies in the field of web application security.

* About ZAP - ZAP (Zed Attack Proxy) is an open source tool offered by OWASP for penetration testing (which is a part of security testing) of your website or web application. It helps you find the security vulnerabilities in your application.

ZAP is also an easy-to-use tool. Some more reasons for using ZAP:

  • Ideal for both beginners and professionals

  • Cross-platform - works across all operating systems (Linux, Mac, Windows)

  • Reusable - The ZAP session can be saved and later reused.

  • Can generate readable HTML reports of the results

 

Key takeaways

After attending the session, the audience will be apprised of the following:

  • Basic knowledge of the common security threats (OWASP top 10)
  • What is ZAP
  • ZAP installation
  • How it works
  • Understanding the important ZAP terminology, including Session, Context, etc.
  • Achieving automated security tests using ZAP + JMeter
  • Ability to run a simple security test on a dummy website - hands-on