Difference between revisions of "Projects/OWASP Zed Attack Proxy Project/Pages/Talks"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
'''Upcoming Talks:'''
 
'''Upcoming Talks:'''
  
'''2014 Jan 27: OWASP AppSec California [http://sched.co/18f8ZVj Ben Walther: Whiz, Bang, ZAP! An introduction to OWASP's Zed Attack Proxy]'''
+
'''2014 Feb 23: SCALE 12x Los Angeles [http://www.socallinuxexpo.org/scale12x/presentations/zapping-your-applications Aaron Guzman: ZAPping your applications]'''
  
The OWASP Zed Attack Proxy (ZAP) is "an easy to use integrated penetration testing tool for finding vulnerabilities in web applications."
+
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated testing tool for finding vulnerabilities and bugs in web applications.  
  
The technology is comparable to IBM AppScan and HP WebInspect - but free, open source and maintained by OWASP volunteers.  
+
ZAP is a flagship OWASP project with an active community behind it. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.  
  
The project has seen a tremendous amount of development lately.  
+
It is designed to be used by people with a wide range of experience in developing, security penetration testing and functional testing.  
  
Learn about the tool, what it can do for you, and optionally bring your laptop to follow along as we use it to test some (purposefully insecure) web applications.  
+
As such, this presentation will be covering basic to intermediate testing on web applications, use cases, basic scripting, zest scripting, and integration automation for software development lifecycle.  
  
  

Revision as of 07:28, 29 January 2014

Upcoming Talks:

2014 Feb 23: SCALE 12x Los Angeles Aaron Guzman: ZAPping your applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated testing tool for finding vulnerabilities and bugs in web applications.

ZAP is a flagship OWASP project with an active community behind it. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

It is designed to be used by people with a wide range of experience in developing, security penetration testing and functional testing.

As such, this presentation will be covering basic to intermediate testing on web applications, use cases, basic scripting, zest scripting, and integration automation for software development lifecycle.


2014 May 13-16: CF.Objective() Bloomington, MN Dave Epler: Using OWASP ZAP to find vulnerabilities in your web apps

Target Audience: Developers

Assumed Knowledge: Basic knowledge of OWASP Top Ten

Objective: To learn how to use OWASP ZAP to test your web application for vulnerabilities

  • What is OWASP ZAP
  • Why use ZAP
  • Testing for vulnerabilties with ZAP
  • Automated Testing
  • Directed Testing
  • Integrating ZAP with other tools