2020 OWASP Thailand - ZAP intro

•

0 likes•301 views

Simon Bennetts gave an overview of OWASP ZAP, a free and open source tool for finding vulnerabilities in web applications. ZAP is the world's most widely used web scanner with over 85,000 direct downloads and 1 million runs in March 2020 alone. ZAP releases new versions on average twice a year, adds new features as needed, and provides weekly release updates. The talk covered ZAP's desktop interface, heads up display, and automation capabilities through command line, packaged scans, GitHub actions, and an API.

Internet

OWASP ZAP
Introduction
Simon Bennetts
ZAP Project Lead
OWASP Thailand 2020 July 2

This Talk
●
Overview
●
Desktop
●
Heads Up Display
●
Automation

What is ZAP?
●
A tool for finding vulnerabilities in web applications
●
An OWASP Flagship Project
●
Free and Open Source
●
Cross platform
●
Well maintained
●
And ...

The worlds most widely used web scanner
●
> 85,000 direct downloads
●
> 220,000 Docker pulls
●
> 1 million runs
●
In March 2020 alone!

Who is ZAP For?
●
Developers and functional testers (QA)
●
Students
●
Security Professionals

How often is ZAP released?
●
Full releases – averaging 2 a year
●
Add-ons – released as and when required
●
Weekly releases (zip and docker image)
●
Live docker image

ZAP Automation
●
Command line scan
●
Packaged Scans
●
GitHub actions
●
Daemon + API

Find Out More
●
www.zaproxy.org
●
www.alldaydevops.com/zap-in-ten

What's hot

BlackHat 2014 OWASP ZAP Turbo TalkSimon Bennetts

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...gmaran23

2014 ZAP Workshop 1: Getting StartedSimon Bennetts

OWASP 2013 AppSec EU Hamburg - ZAP InnovationsSimon Bennetts

Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...Codemotion

OWASP 2012 AppSec Dublin ZAP IntroSimon Bennetts

Scripts that automate OWASP ZAP as part of a continuous delivery pipelineSherif Mansour

BSides Manchester 2014 ZAP Advanced FeaturesSimon Bennetts

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...gmaran23

OWASP 2013 EU Tour Amsterdam ZAP IntroSimon Bennetts

OWASP 2013 APPSEC USA Talk - OWASP ZAPSimon Bennetts

2014 ZAP Workshop 2: Contexts and FuzzingSimon Bennetts

Using the Zed Attack Proxy as a Web App testing toolDavid Sweigert

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...gmaran23

OWASP Zed Attack ProxyFadi Abdulwahab

OWASP ZAP API AutomationThivya Lakshmi

Zap vs burpTomasz Fajks

Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates

rsyslog meets dockerRainer Gerhards

Automating OWASP ZAP - DevCSecCon talk Simon Bennetts

What's hot (20)

BlackHat 2014 OWASP ZAP Turbo Talk

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

2014 ZAP Workshop 1: Getting Started

OWASP 2013 AppSec EU Hamburg - ZAP Innovations

Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...

OWASP 2012 AppSec Dublin ZAP Intro

Scripts that automate OWASP ZAP as part of a continuous delivery pipeline

BSides Manchester 2014 ZAP Advanced Features

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

OWASP 2013 EU Tour Amsterdam ZAP Intro

OWASP 2013 APPSEC USA Talk - OWASP ZAP

2014 ZAP Workshop 2: Contexts and Fuzzing

Using the Zed Attack Proxy as a Web App testing tool

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

OWASP Zed Attack Proxy

OWASP ZAP API Automation

Zap vs burp

Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP

rsyslog meets docker

Automating OWASP ZAP - DevCSecCon talk

Similar to 2020 OWASP Thailand - ZAP intro

How fast can you onboard a new team member with VAGRANT ?Vivek Parihar

blueMarine Sailing with NetBeans PlatformFabrizio Giudici

Magnificent Meteor -By Dipali Vyas (PM Zestard Technologies) for GDG Ahmedaba...Dipali Vyas

GitOps Core Concepts & Ways of Structuring Your ReposWeaveworks

Introduction to react native @ TIC NUSTWaqqas Jabbar

AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...Logan Best

TDD with Python and App EngineRicardo Bánffy

Introduction to React NativeWaqqas Jabbar

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Waysmalltown

Laravel workshopJasper Frumau

Java uk road tour - sep 06scoobeesnac

Jython on Djangofwierzbicki

“Practical DevOps by a small team of devs” by Ilgvars Jēcis from FinoTech at...DevClub_lv

Laravel Core Concept & EcosystemMesut Vatansever

Python Django Intro V0.1Udi Bauman

Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019Jakarta_EE

Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019The Eclipse Foundation

OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris BuytaertNETWAYS

Open Source Monitoring in 2019 Kris Buytaert

Groovy androidMario García

Similar to 2020 OWASP Thailand - ZAP intro (20)

How fast can you onboard a new team member with VAGRANT ?

blueMarine Sailing with NetBeans Platform

Magnificent Meteor -By Dipali Vyas (PM Zestard Technologies) for GDG Ahmedaba...

GitOps Core Concepts & Ways of Structuring Your Repos

Introduction to react native @ TIC NUST

AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...

TDD with Python and App Engine

Introduction to React Native

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

Laravel workshop

Java uk road tour - sep 06

Jython on Django

“Practical DevOps by a small team of devs” by Ilgvars Jēcis from FinoTech at...

Laravel Core Concept & Ecosystem

Python Django Intro V0.1

Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019

OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert

Open Source Monitoring in 2019

Groovy android

Recently uploaded

Article writing on excessive use of internet.pptxabhinandnam9997

ER(Entity Relationship) Diagram for online shopping - TAEHimani415946

Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal

The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto

Stay Ahead with 2024's Top Web Design TrendsSynergic Softek Solutions

How to Use Contact Form 7 Like a Pro.pptxGal Baras

The AI Powered Organization-Intro to AI-LAN.pdfSiskaFitrianingrum

一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理aagad

The+Prospects+of+E-Commerce+in+China.pptxlaozhuseo02

History+of+E-commerce+Development+in+China-www.cfye-commerce.shoplaozhuseo02

1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1

The Best AI Powered Software - Intellivid AI StudioVikram Brahma (Online-Digital-Entrepreneur)

Recently uploaded (12)

Article writing on excessive use of internet.pptx

ER(Entity Relationship) Diagram for online shopping - TAE

Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines

The Use of AI in Indonesia Election 2024: A Case Study

Stay Ahead with 2024's Top Web Design Trends

How to Use Contact Form 7 Like a Pro.pptx

The AI Powered Organization-Intro to AI-LAN.pdf

一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理

The+Prospects+of+E-Commerce+in+China.pptx

History+of+E-commerce+Development+in+China-www.cfye-commerce.shop

1.Wireless Communication System_Wireless communication is a broad term that i...

The Best AI Powered Software - Intellivid AI Studio