[Owasp-leaders] Courses using ZAP?

Ricardo Iramar dos Santos ricardo.iramar at owasp.org
Fri Aug 4 21:40:13 UTC 2017

Not sure about other SANS trainings but I'm sure that "SEC542: Web App
Penetration Testing and Ethical Hacking" use ZAP because I did.

SEC542.3: Web Penetration Testing and Ethical Hacking: Injection

This section continues to explore our methodology with the discovery phase.
We build on the information identified during the mapping phase, exploring
methods to find and verify vulnerabilities within the application. Students
also begin to explore the interactions between the various vulnerabilities.

This course day dives deeply into vital manual testing techniques for
vulnerability discovery. To facilitate manual testing, we kick off the day
with an introduction to Python and a hands-on lab working with it.

In addition to custom scripts, we focus on developing in-depth knowledge of
interception proxies for web application vulnerability discovery. A
highlight of the day involves spending significant time working with both
traditional and blind SQL injection flaws.

Throughout the discovery phase, we will explore both manual and automated
methods of discovering vulnerabilities within applications and discuss the
circumstances under which each is appropriate.

CPE/CMU Credits: 6


Python for web app penetration testing
Web app vulnerabilities and manual verification techniques
Interception proxies
Zed Attack Proxy (ZAP)
Burp Suite...

On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:

> Leaders,
> Please let me know if you know of any courses (university or otherwise)
> that make use of ZAP.
> We're working on a new ZAP homepage and would love to list as many
> relevant courses as possible. Commercial course are fine too, we are just
> going to list them, not endorce them ;)
> We've always intended ZAP to be an ideal tool for students, so it would be
> good to hear if thats really the case.
> Please reply to just me to avoid spamming the group (unless you want to
> say something to everyone of course), and if you know of courses using
> other OWASP tools then I'm sure the relevant project leaders would like to
> hear about them too.
> We all tend to only ever hear about the problems, not the success stories!
> Cheers,
> Simon
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Ricardo Iramar dos Santos
skype: ricardo.iramar
twitter: ricardo_iramar
"Yesterday is history, tomorrow is a mystery, but today is a gift. That is
why it is called the present."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170804/25ea43e7/attachment.html>

More information about the OWASP-Leaders mailing list