Difference between revisions of "Projects/OWASP Zed Attack Proxy Project/Pages/Talks"

From OWASP
Jump to: navigation, search
(Created page with "'''Upcoming Talks:''' '''2013 October 31: OWASP Limerick Day [https://www.owasp.org/index.php/OWASP_Limerick_Day_2013 Simon Bennetts: ZAP - Whats even newer]''' The Zed Att...")
 
Line 2: Line 2:
  
  
'''2013 October 31: OWASP Limerick Day [https://www.owasp.org/index.php/OWASP_Limerick_Day_2013 Simon Bennetts: ZAP - Whats even newer]'''
+
'''2013 November 6: OWASP Los Angeles Chapter [https://www.owasp.org/index.php/Los_Angeles Ben Walther: Whiz, Bang, ZAP! An introduction to OWASP's Zed Attack Proxy.]'''
  
The Zed Attack Proxy is one of the most popular OWASP projects, and has an enthusiastic developer community which encourages participation.
+
The OWASP Zed Attack Proxy (ZAP) is "an easy to use integrated penetration testing tool for finding vulnerabilities in web applications."
  
There are many new developments in progress that will provide functionality currently unavailable in other security tools.
+
The technology is comparable to IBM AppScan and HP WebInspect - but free, open source and maintained by OWASP volunteers.  
  
In this session Simon will give a quick introduction for newcomers to ZAP, and then dive into the latest changes.
+
The project has seen a tremendous amount of development lately. Learn about the tool, what it can do for you, and optionally bring your laptop to follow along as we use it to test some (purposefully insecure) web applications.  
  
  

Revision as of 04:22, 1 November 2013

Upcoming Talks:


2013 November 6: OWASP Los Angeles Chapter Ben Walther: Whiz, Bang, ZAP! An introduction to OWASP's Zed Attack Proxy.

The OWASP Zed Attack Proxy (ZAP) is "an easy to use integrated penetration testing tool for finding vulnerabilities in web applications."

The technology is comparable to IBM AppScan and HP WebInspect - but free, open source and maintained by OWASP volunteers.

The project has seen a tremendous amount of development lately. Learn about the tool, what it can do for you, and optionally bring your laptop to follow along as we use it to test some (purposefully insecure) web applications.


2013 November 14: DEVOXX Antwerp David Tillemans: Security test automation in software development using open source tools

Writing secure software is better than plugging holes. A high level of automation is essential for building security into your software development lifecycle.

David Tillemans, application security expert at Smals (www.smals.be), will talk about some standard security checks and demonstrate the essential testing tools.

Findbugs and PMD are well know open source tools offering great security oriented features.

ZAProxy, a web application security scanner developed by OWASP (Open Web Application Security Project), is great for testing the security issues of the web frontend. It can be integrated in your test driven development lifecycle. The session will demonstrate the integration of ZAproxy into Maven using a plugin and how to perform automatic web security scans based on your Selenium tests.


2013 November 20: AppSec USA New York Simon Bennetts: ZAP Innovations

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.

This talk will focus on the latest changes to ZAP and the plans for it’s future.

Due to the growing number of people working on ZAP, and the fact that there are 5 ZAP related Google Summer of Code 2013 projects, the content of the talk will be announced closer to the conference date.


2013 November 21: AppSec USA New York Simon Bennetts: ZAP Hackathon

This session is a chance for people to learn how to work on ZAP from the ZAP Project Leader. ZAP is a community project, and as such participation is actively encouraged.

Simon will explain the numerous ways in which individuals and companies can contribute to ZAP. He will also explain how the code is structured and explain how any part of the project can be changed. Working on ZAP is a great way to learn more about web application security.

Being able to change the code means that you can add and change any features you want, either just for you own benefit or to contribute back to the community. There will be time set aside for hacking ZAP, with Simon on hand to answer any questions and give any guidance required.

This is a great opportunity to be part of the fastest growing and most active OWASP project.

During this session, Simon will:

  • Explain how people can contribute to ZAP.
  • Demonstrate how to set up a ZAP development environment.
  • Explain ZAP code structure.
  • Show people how to code scripts, active/passive scan rules, add-ons, core changes and improve the docs and localization.
  • Let people hack the ZAP code and docs with full support and guidance.