Summary
OWASP's ZAP tool and Burp Suite form the bulk of many web application security test methodologies, and for good reason. Proxy-based tools are able to observe the transactions between the client and server without worrying about losing the context of session information. Proxies can thus do what outside analysis cannot, which is see the application working end to end. When we are looking at how attackers commonly disrupt or exploit modern applications, they are using these same techniques to either capture the data back and forth or insert their own malicious intent. ZAP and Burp give us a means to preempt that MITM approach and fully test applications against these attacks.
In this chapter, we covered some of the more general tools ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access