A Step Towards A Secure Site With ZAP
Prerequisite for attendees:
There is no prerequisite as such; however, knowledge of the following will be beneficial:
- Security testing and understanding of its importance
- Basic understanding of JMeter
Session Details/Overview:
The session will cover the following:
* About OWASP - OWASP (Open Web Application Security Project) is an online community that produces freely available documentation, tools, and technologies in the field of web application security.
* About ZAP - ZAP (Zed Attack Proxy) is an open-source tool offered by OWASP for penetration testing (which is a part of security testing) of your website or web application. It helps you find the security vulnerabilities in your application.
Other than that, ZAP is an easy-to-use tool. Following are some more reasons for using ZAP:
- Ideal for both beginners and professionals
- Cross-platform - works across all OS (Linux, Mac, Windows)
- Reusable - The ZAP session can be saved and later reused.
- Can generate readable HTML reports of the results
Key takeaways:
After attending the session, the audience will come away with the following:
- Basic knowledge of the common security threats (OWASP Top 10)
- What is ZAP
- ZAP installation
- How it works
- Understanding the important terminology of ZAP, including Session, Context, etc.
- Automating security tests using ZAP + JMeter
- Ability to run a simple security test on a dummy website - hands-on