Mastering Kali Linux for Web Penetration Testing by Michael McPhee

Getting fuzzy with ZAP

ZAP can modify or fuzz requests on their way to the web application, which makes it a great tool for testing input validation, application logic, a multitude of injection vulnerabilities, and error handling. Fuzzing attacks add some automation to otherwise tedious, laborious, and iterative tests, focusing on bugs in how requests are processed. The built-in fuzzing payloads are reasonably straightforward but can be extended through add-ons or even custom scripts. A great resource for advancing your fuzzing skills on ZAP is OWASP's OTG Appendix C, located at https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors. We can launch the fuzz action from almost anywhere ...
