
OWASP ZAP - overview

OWASP ZAP (Zed Attack Proxy) is an open source penetration testing tool developed by a large community of volunteers associated with the Open Web Application Security Project (OWASP).


ZAP is a security testing tool capable of performing a wide range of attacks against a web application. It is designed for every level of skill, from trainee web developers to security professionals. It acts as an intercepting proxy sitting between the browser and the application, in the same position a man-in-the-middle attacker would occupy.
 
The tool can perform a variety of web application checks, such as discovery of hidden content, checks against known vulnerabilities, brute-force password guessing, interception of traffic and much more. With a large library of add-ons contributed by the community, ZAP can target a very specific aspect of a particular kind of web application, including recently published vulnerabilities. It can also act as a browser plug-in, exposing information that is normally hidden from the user, for example HTTP headers and the contents of cookies.
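The "normally hidden information" an intercepting proxy sees is the raw HTTP exchange, and the simplest class of checks ZAP runs over it are passive ones: it never sends extra requests, it only inspects headers and cookies as they pass through. The following is an added example written for this post, not ZAP's own code, showing what such a passive check looks like over a captured response. The two responses are constructed for illustration, and the expected header names and values are the common hardening headers, not a ZAP rule set.

```python
"""Passive checks over a captured HTTP response, in the style of an
intercepting proxy's passive scan. Added example, not ZAP's own code;
both responses below are constructed for illustration."""


def parse_response(raw: str):
    """Split a raw HTTP response into status line, header list and body.
    Headers are kept as an ordered list of (lowercased name, value) pairs
    so that repeated headers such as Set-Cookie are not collapsed."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_line = lines[0]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def cookie_findings(headers):
    """Report Set-Cookie headers that lack the HttpOnly, Secure or
    SameSite attributes (each one is a separate finding)."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # attributes after the first ';', compared case-insensitively by key
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")
        if "samesite" not in attrs:
            findings.append(f"cookie {cookie_name}: missing SameSite")
    return findings


# Headers a hardened response is expected to carry; None means any value
# is acceptable, otherwise the value must match exactly (case-insensitive).
EXPECTED_HEADERS = {
    "x-content-type-options": "nosniff",
    "content-security-policy": None,
    "strict-transport-security": None,
    "x-frame-options": None,
}


def header_findings(headers):
    """Report missing or mis-set hardening headers and a Server header
    that discloses a version number."""
    present = {n: v for n, v in headers}
    findings = []
    for name, expected in EXPECTED_HEADERS.items():
        if name not in present:
            findings.append(f"missing header {name}")
        elif expected is not None and present[name].lower() != expected:
            findings.append(f"header {name} has unexpected value {present[name]!r}")
    if "server" in present and any(ch.isdigit() for ch in present["server"]):
        findings.append(f"server header leaks version: {present['server']!r}")
    return findings


def passive_scan(raw: str):
    """Run every passive check over one captured response."""
    _, headers, _ = parse_response(raw)
    return cookie_findings(headers) + header_findings(headers)


# Constructed weak response: version-leaking Server header, a session
# cookie with no protective attributes, and most hardening headers absent.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed hardened response: the same page with the issues fixed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {passive_scan(resp) or ['no findings']}")
```

Running the block lists seven findings for the weak response (three for the session cookie, three missing headers, one Server version leak) and none for the hardened one. Keeping repeated headers as a list rather than a dictionary is the detail that matters: a dictionary would silently keep only the last Set-Cookie and the unprotected session cookie would go unreported.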

While this is an extremely useful tool for web developers, common sense must be applied: the software performs real attacks on whatever target it is pointed at, and experimenting against live web services may be treated as a cyber crime.
