Projects/OWASP Zed Attack Proxy Project/Pages/Talks
2013 October 31: OWASP Limerick Day Simon Bennetts: ZAP - Whats even newer
The Zed Attack Proxy is one of the most popular OWASP projects, and has an enthusiastic developer community which encourages participation.
There are many new developments in progress that will provide functionality currently unavailable in other security tools.
In this session Simon will give a quick introduction for newcomers to ZAP, and then dive into the latest changes.
2013 November 14: DEVOXX Antwerp David Tillemans: Security test automation in software development using open source tools
Writing secure software is better than plugging holes. A high level of automation is essential for building security into your software development lifecycle.
David Tillemans, application security expert at Smals (www.smals.be), will talk about some standard security checks and demonstrate the essential testing tools.
Findbugs and PMD are well-known open source tools offering great security-oriented features.
ZAProxy, a web application security scanner developed by OWASP (Open Web Application Security Project), is great for testing the security issues of the web frontend. It can be integrated into your test-driven development lifecycle. The session will demonstrate the integration of ZAProxy into Maven using a plugin and how to perform automatic web security scans based on your Selenium tests.
2013 November 20: AppSec USA New York Simon Bennetts: ZAP Innovations
The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.
This talk will focus on the latest changes to ZAP and the plans for its future.
Due to the growing number of people working on ZAP, and the fact that there are 5 ZAP related Google Summer of Code 2013 projects, the content of the talk will be announced closer to the conference date.
2013 November 21: AppSec USA New York Simon Bennetts: ZAP Hackathon
This session is a chance for people to learn how to work on ZAP from the ZAP Project Leader. ZAP is a community project, and as such participation is actively encouraged.
Simon will explain the numerous ways in which individuals and companies can contribute to ZAP. He will also explain how the code is structured and explain how any part of the project can be changed. Working on ZAP is a great way to learn more about web application security.
Being able to change the code means that you can add and change any features you want, either just for your own benefit or to contribute back to the community. There will be time set aside for hacking ZAP, with Simon on hand to answer any questions and give any guidance required.
This is a great opportunity to be part of the fastest growing and most active OWASP project.
During this session, Simon will:
- Explain how people can contribute to ZAP.
- Demonstrate how to set up a ZAP development environment.
- Explain ZAP code structure.
- Show people how to code scripts, active/passive scan rules, add-ons, core changes and improve the docs and localization.
- Let people hack the ZAP code and docs with full support and guidance.