11

Advanced Adventures with ZAP

Here we are at the final chapter. You’ve learned about the options Zed Attack Proxy (ZAP) offers: navigating the interface and its configurations; crawling web applications, scanning, and reporting; authentication, authorization, and session management; injection attacks on unvalidated inputs; business logic testing; client-side attacks; and some advanced techniques. This final chapter changes pace and looks at other implementations and uses of ZAP. We’ll introduce you to using the OWASP ZAP GUI to start web crawling and scanning for vulnerabilities against APIs, and also show you how to use the API in Docker to scan web applications. We’ll also discuss and show you how to build ...
