OWASP – ZAP

ZAP is an easy-to-use, integrated penetration testing tool for finding vulnerabilities in web applications. We gave a brief overview of using ZAP in Chapter 3, where it was used to scan a target for possible vulnerabilities. Let's revisit ZAP, this time to identify and exploit cross-site scripting (commonly referred to as XSS) vulnerabilities.

ZAP comes built into Kali Linux 1.0. It can be found under Sniffing/Spoofing | Web Sniffers by selecting Owasp - ZAP, or simply by opening a terminal window and typing zap, as shown in the following example:

[Figure: OWASP – ZAP]

Here is a summary of setting up ZAP with Firefox, as explained in Chapter 3:

  1. Accept the ...
