[Owasp-leaders] Courses using ZAP?
Ricardo Iramar dos Santos
ricardo.iramar at owasp.org
Tue Aug 8 19:55:11 UTC 2017
Maybe you could include that Firefox project is using ZAP.
- We completed the implementation of API Scanning with ZAP
automate vulnerability scanning of our services by leveraging OpenAPI
On Fri, Aug 4, 2017 at 6:40 PM, Ricardo Iramar dos Santos <
ricardo.iramar at owasp.org> wrote:
> Not sure about other SANS trainings but I'm sure that "SEC542: Web App
> Penetration Testing and Ethical Hacking" use ZAP because I did.
> SEC542.3: Web Penetration Testing and Ethical Hacking: Injection
> This section continues to explore our methodology with the discovery
> phase. We build on the information identified during the mapping phase,
> exploring methods to find and verify vulnerabilities within the
> application. Students also begin to explore the interactions between the
> various vulnerabilities.
> This course day dives deeply into vital manual testing techniques for
> vulnerability discovery. To facilitate manual testing, we kick off the day
> with an introduction to Python and a hands-on lab working with it.
> In addition to custom scripts, we focus on developing in-depth knowledge
> of interception proxies for web application vulnerability discovery. A
> highlight of the day involves spending significant time working with both
> traditional and blind SQL injection flaws.
> Throughout the discovery phase, we will explore both manual and automated
> methods of discovering vulnerabilities within applications and discuss the
> circumstances under which each is appropriate.
> CPE/CMU Credits: 6
> Python for web app penetration testing
> Web app vulnerabilities and manual verification techniques
> Interception proxies
> Zed Attack Proxy (ZAP)
> Burp Suite...
> On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>> Please let me know if you know of any courses (university or otherwise)
>> that make use of ZAP.
>> We're working on a new ZAP homepage and would love to list as many
>> relevant courses as possible. Commercial course are fine too, we are just
>> going to list them, not endorce them ;)
>> We've always intended ZAP to be an ideal tool for students, so it would
>> be good to hear if thats really the case.
>> Please reply to just me to avoid spamming the group (unless you want to
>> say something to everyone of course), and if you know of courses using
>> other OWASP tools then I'm sure the relevant project leaders would like to
>> hear about them too.
>> We all tend to only ever hear about the problems, not the success stories!
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> Ricardo Iramar dos Santos
> skype: ricardo.iramar
> twitter: ricardo_iramar
> "Yesterday is history, tomorrow is a mystery, but today is a gift. That is
> why it is called the present."
Ricardo Iramar dos Santos
"Yesterday is history, tomorrow is a mystery, but today is a gift. That is
why it is called the present."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders