This course is an introduction to web penetration testing using the Zed Attack Proxy (ZAP) offered by OWASP. It is intended both for quality assurance engineers who want to extend their skills to security testing and for developers who want to see how hackers attack their applications. The course covers how to test for the common web application vulnerabilities.
| Title | Introduction to Penetration Testing with ZAP |
| Code | SEC 120A |
| Description | This course is offered in the form of a hands-on workshop. We will first learn how to install, configure and use ZAP and then we will apply that knowledge to test for common vulnerabilities in web applications we will run locally. |
| Topics | Download, install, run ZAP; Configuration for intercepting HTTPS traffic; Intercept and modify browser traffic; Replay web requests; Context, authentication and session preparation; Spidering; Active and passive scanning; Extensions; Filters; API; Automation |
| Requirements | Participants will need to bring their own computers capable of running ZAP (a Java application) and a modern web browser. |
| Duration | 8 hours |
| Audience | Quality assurance engineers; Software developers |