Introduction to OWASP Zed Attack

I am currently working with a new security testing tool, OWASP. Previously were performing security testing with a paid tools.

It is intended to show the penetration test tools and is shown here for studies only and I am not responsible for the use of the tool for others purposes. okay ???? 😀

ZAP is open source tool wich is offered by OWASP, for penetration testing of your infrastructure, website and web applications.

Why use OWASP Zed attack proxy ?

Security testing is a most important part of web application and infrastructure testing. Here are the OWASP top 10 security threats

How does it work ?

ZAP creates a proxy server and makes you website traffic pass through that server. It comprise of auto scanning that help you intercept vulnerabilities in your infrastructure and website.

How to works OWASP ZAP

Followers are the types of attacks which ZAP provides:

Installation

As I said in the past, I use chocolatey in Windows 11 PRO environment. Open Windows Terminal in Administration Mode.

type : choco install zap

Download ZAP : https://owasp.org/www-project-zap/ , select to your OS.

Only dependecy is Java.

Crawl the Browser: Either you can use ZAP’s browser or any other browser you want to.

You can always work with the default context available, but it is a good practice to make a new context of your own and include that in your site.

For today it’s just… I hope you like it and any questions you can ask me. Thanks!

Source: ZAP Documentation — https://www.zaproxy.org/docs/

Cloud Engineer & DevOps Engineer