Practical Security for developers using OWASP ZAP

Formal Metadata

Title
Practical Security for developers using OWASP ZAP
Title of Series
Number of Parts
90
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Any application exposed to the internet will be attacked, either by automated tools or manually by individuals looking to compromise it and its users. Security should be considered throughout the development process, but testing for security vulnerabilities (penetration testing) is a key part of secure software development. This is a particular challenge for open source projects, as most developers have limited security experience and often don't have the funds to pay for external expertise. This talk introduces the OWASP Zed Attack Proxy (ZAP), an integrated penetration testing tool for finding vulnerabilities in web applications. It is completely free, open source and cross-platform, as well as being a community-orientated project that actively encourages participation. While ZAP is used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers. ZAP can be run interactively, but it also supports a REST API, making it ideal for including in a continuous integration environment. Simon will show how ZAP can be used to find vulnerabilities, both manually and as part of an automated build. He will also give an overview of some of the more advanced features, and explain how they can be used for more complex security testing.