Prerequisite for attendees:

As such there is no pre-requisite; however knowledge of the following will be beneficial:

• Security testing and understanding of its importance
• Basic understanding of Jmeter

Session Details/Overview:

The session will cover the following:

* About OWASP - The OWASP (Open Web Application Security Project) is an online community which produces freely-available documentation, tools, and technologies in the field of web application security.

* About ZAP - ZAP (Zed Attack Proxy) is an open source tool which is offered by OWASP, for penetration testing (which is a part of security testing) of your website/web application. It helps you find the security vulnerabilities in your application.

Other than that, ZAP is an easy-to-use tool. Following are some more reasons for using ZAP:

• Ideal for both beginners and professionals
• Cross-platform - works across all OS (Linux, Mac, Windows)
• Reusable - The ZAP session can be saved and later reused.
• Can generate readable HTML reports of the results

Key takeaways:

After attending the session, the audience will be apprised of the following: 

• Basic knowledge of the common security threats (OWASP top 10)
• What is ZAP
• ZAP installation
• How it works
• Understanding the important terminologies of ZAP including Session, Context etc.
• Achieve automated security tests using ZAP + Jmeter
• Ability to run a simple security test on a dummy website - hands-on