2013 November 14: DEVOXX Antwerp David Tillemans: Security test automation in software development using open source tools
Writing secure software is better than plugging holes. A high level of automation is essential for building security into your software development lifecycle.
David Tillemans, application security expert at Smals (www.smals.be), will talk about some standard security checks and demonstrate the essential testing tools.
FindBugs and PMD are well-known open source tools offering strong security-oriented features.
ZAProxy, a web application security scanner developed by OWASP (Open Web Application Security Project), is well suited to testing the security issues of the web frontend. It can be integrated into your test-driven development lifecycle. The session will demonstrate the integration of ZAProxy into Maven using a plugin, and how to perform automatic web security scans based on your Selenium tests.
2013 November 20: AppSec USA New York Simon Bennetts: ZAP Innovations
The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.
Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project, with new features being introduced that are currently unavailable in commercial products.
After introducing ZAP to those who have not used it before, Simon will focus on the latest changes to ZAP, including those made during the Google Summer of Code 2013 and innovative initiatives like Plug-n-Hack and the Zest scripting language.
Simon will also demonstrate soon-to-be-released features that have not been seen before and are believed not to be currently possible with equivalent tools.
2013 November 21: AppSec USA New York Simon Bennetts: ZAP Hackathon
This session is a chance for people to learn how to work on ZAP from the ZAP Project Leader. ZAP is a community project, and as such participation is actively encouraged.
Simon will explain the numerous ways in which individuals and companies can contribute to ZAP. He will also explain how the code is structured and how any part of the project can be changed. Working on ZAP is a great way to learn more about web application security.
Being able to change the code means that you can add and change any features you want, either just for your own benefit or to contribute back to the community. There will be time set aside for hacking on ZAP, with Simon on hand to answer any questions and give any guidance required.
This is a great opportunity to be part of the fastest growing and most active OWASP project.
During this session, Simon will:
- Explain how people can contribute to ZAP.
- Demonstrate how to set up a ZAP development environment.
- Explain ZAP code structure.
- Show people how to code scripts, active/passive scan rules, add-ons, core changes and improve the docs and localization.
- Let people hack the ZAP code and docs with full support and guidance.