Getting fuzzy with ZAP
ZAP has the ability to modify or fuzz requests on their way to the web application, and this can be a great tool for testing input validation, application logic, a multitude of injection vulnerabilities, and error handling. Fuzzing attacks add some automation to otherwise tedious, laborious, and iterative tests, focusing on bugs applying to how requests are processed. The built-in Fuzzing payloads are reasonably straightforward but can be extended through the use of add-ons or even custom scripts. A great resource for advancing your fuzzing skills on ZAP is the OWASP's OTG Appendix C located at https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors. We can launch the fuzz action from almost anywhere ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access