Projects/OWASP Zed Attack Proxy Project/Pages/Talks

Revision as of 03:47, 10 June 2014 by Psiinon (Talk | contribs)


Upcoming Talks/Training:

2014 June 24: Velocity, Santa Clara, CA James Wickett, Gareth Rushgrove: Battle-tested Code without the Battle - Security Testing and Continuous Integration

Everyone knows that we need to harden our code before it goes into production, but very few actually test for security flaws in their delivery pipeline. We will show a basic continuous delivery pipeline that should be familiar to anyone who has worked with continuous integration, and then proceed to add steps to identify security issues in a typical web application stack.

Attendees will be able to follow along either online or by building the pipeline locally on their own computers. All of the source code will be open source and available for people to use for testing their own applications after the conference. We’ll use a range of open source technology including OWASP ZAP, Gauntlt, Jenkins, Vagrant and more.


2014 June 25: OWASP AppSec EU, Cambridge, UK Simon Bennetts: ZAP Advanced Features

The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.

In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:

  • Handling single page and other ‘non standard’ apps
  • Client side testing with Plug-n-Hack
  • Advanced scanning options
  • Contexts
  • Fuzzing
  • Scripting
  • Zest - ZAP’s macro language
  • Changing the source code


2014 June 27: BSides Manchester, UK Simon Bennetts: ZAP Advanced Features

The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.

In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:

  • Handling single page and other ‘non standard’ apps
  • Client side testing with Plug-n-Hack
  • Advanced scanning options
  • Contexts
  • Fuzzing
  • Scripting
  • Zest - ZAP’s macro language
  • Changing the source code