Difference between revisions of "Projects/OWASP Zed Attack Proxy Project/Pages/Talks"

Line 1: Line 1:
 
'''Upcoming Talks/Training:'''
 
'''Upcoming Talks/Training:'''
  
'''2014 June 24: Velocity, Santa Clara, CA [http://velocityconf.com/velocity2014/public/schedule/detail/34139 James Wickett, Gareth Rushgrove] Battle-tested Code without the Battle - Security Testing and Continuous Integration'''
+
'''2014 August 6: Black Hat Arsenal, Las Vegas, NV: [https://www.blackhat.com/us-14/arsenal.html#Bennetts Simon Bennetts: OWASP ZAP]'''
  
Everyone knows that we need to harden our code before it goes into production, but very few actually test for security flaws in their delivery pipeline. We will show a basic continuous delivery pipeline that should be familiar to anyone who has worked with continuous integration, and then proceed to add steps to identify security issues in a typical web application stack.  
+
The Zed Attack Proxy (ZAP) is currently the most active open source web application security tool and competes effectively with commercial tools.
  
Attendees will be able to follow along either online or by building the pipeline locally on their own computers. All of the source code will be open source and available for people to use for testing their own applications after the conference. We’ll use a range of open source technology including OWASP ZAP, Gauntlt, Jenkins, Vagrant and more.
+
While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.
  
 +
Simon will give a quick introduction to ZAP and then dive into the more advanced features as well as giving an overview of where its heading.
  
'''2014 June 25: OWASP AppSec EU, Cambridge, UK [http://sched.co/1lS3vDS Simon Bennetts: ZAP Advanced Features]'''
 
  
The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing.  
+
'''2014 September 28 - October 2: JavaOne, San Fransisco, CA: [https://oracleus.activeevents.com/2014/connect/sessionDetail.ww?SESSION_ID=5320 Simon Bennetts: Security Testing for Developers Using OWASP ZAP]'''
  
In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:
+
Any application exposed to the internet will be attacked, and the earlier in the development cycle you find vulnerabilities, the better.
* Handling single page and other ‘non standard’ apps
+
* Client side testing with Plug-n-Hack
+
* Advanced scanning options
+
* Contexts
+
* Fuzzing
+
* Scripting
+
* Zest - ZAP’s macro language
+
* Changing the source code 
+
  
 +
This session introduces the OWASP Zed Attack Proxy (ZAP), a free, open source, Java-based integrated penetration testing tool for finding vulnerabilities in web applications.
  
'''2014 June 27: BSides Manchester, UK [http://www.bsidesmcr.org.uk/ Simon Bennetts: ZAP Advanced Features]'''
+
Although ZAP is widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers.  
  
The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing.
+
The session shows how ZAP can be used to find vulnerabilities, both manually and as part of an automated build. It also provides an overview of some of the more advanced features and explains how they can be used for more-complex security testing.
 
+
In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:
+
* Handling single page and other ‘non standard’ apps
+
* Client side testing with Plug-n-Hack
+
* Advanced scanning options
+
* Contexts
+
* Fuzzing
+
* Scripting
+
* Zest - ZAP’s macro language
+
* Changing the source code
+
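Review bot: the added Black Hat Arsenal blurb calls ZAP "currently the most active open source web application security tool" without saying how that is measured, whereas the removed AppSec EU and BSides text qualified the claim as "measured by active contributors"; suggest carrying that qualifier over. Two typos in the added lines as well: the JavaOne heading spells the city "San Fransisco" (San Francisco), and "an overview of where its heading" should read "where it's heading".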

Revision as of 06:22, 9 July 2014

Upcoming Talks/Training:

2014 August 6: Black Hat Arsenal, Las Vegas, NV: Simon Bennetts: OWASP ZAP

The Zed Attack Proxy (ZAP) is currently the most active open source web application security tool and competes effectively with commercial tools.

While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.

Simon will give a quick introduction to ZAP and then dive into the more advanced features as well as giving an overview of where it's heading.


2014 September 28 - October 2: JavaOne, San Francisco, CA: Simon Bennetts: Security Testing for Developers Using OWASP ZAP

Any application exposed to the internet will be attacked, and the earlier in the development cycle you find vulnerabilities, the better.

This session introduces the OWASP Zed Attack Proxy (ZAP), a free, open source, Java-based integrated penetration testing tool for finding vulnerabilities in web applications.

Although ZAP is widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers.

The session shows how ZAP can be used to find vulnerabilities, both manually and as part of an automated build. It also provides an overview of some of the more advanced features and explains how they can be used for more-complex security testing.