[Owasp-leaders] Courses using ZAP?

Ricardo Iramar dos Santos ricardo.iramar at owasp.org
Tue Aug 8 19:55:11 UTC 2017


Hi Simon,

Maybe you could include that the Firefox project is using ZAP.

https://wiki.mozilla.org/SecurityEngineering/Newsletter
Operations Security

   - We completed the implementation of API Scanning with ZAP
   <https://zaproxy.blogspot.co.uk/2017/06/scanning-apis-with-zap.html>, to
   automate vulnerability scanning of our services by leveraging OpenAPI
   definitions.


On Fri, Aug 4, 2017 at 6:40 PM, Ricardo Iramar dos Santos <
ricardo.iramar at owasp.org> wrote:

> Not sure about other SANS trainings but I'm sure that "SEC542: Web App
> Penetration Testing and Ethical Hacking" uses ZAP because I did.
>
> https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
> SEC542.3: Web Penetration Testing and Ethical Hacking: Injection
> Overview
>
> This section continues to explore our methodology with the discovery
> phase. We build on the information identified during the mapping phase,
> exploring methods to find and verify vulnerabilities within the
> application. Students also begin to explore the interactions between the
> various vulnerabilities.
>
> This course day dives deeply into vital manual testing techniques for
> vulnerability discovery. To facilitate manual testing, we kick off the day
> with an introduction to Python and a hands-on lab working with it.
>
> In addition to custom scripts, we focus on developing in-depth knowledge
> of interception proxies for web application vulnerability discovery. A
> highlight of the day involves spending significant time working with both
> traditional and blind SQL injection flaws.
>
> Throughout the discovery phase, we will explore both manual and automated
> methods of discovering vulnerabilities within applications and discuss the
> circumstances under which each is appropriate.
>
> CPE/CMU Credits: 6
>
> Topics
>
> Python for web app penetration testing
> Web app vulnerabilities and manual verification techniques
> Interception proxies
> Zed Attack Proxy (ZAP)
> Burp Suite...
>
> On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>
>> Leaders,
>>
>> Please let me know if you know of any courses (university or otherwise)
>> that make use of ZAP.
>> We're working on a new ZAP homepage and would love to list as many
>> relevant courses as possible. Commercial courses are fine too, we are just
>> going to list them, not endorse them ;)
>> We've always intended ZAP to be an ideal tool for students, so it would
>> be good to hear if that's really the case.
>>
>> Please reply to just me to avoid spamming the group (unless you want to
>> say something to everyone of course), and if you know of courses using
>> other OWASP tools then I'm sure the relevant project leaders would like to
>> hear about them too.
>> We all tend to only ever hear about the problems, not the success stories!
>>
>> Cheers,
>>
>> Simon
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Ricardo Iramar dos Santos
> http://ricardo-iramar.com
> https://www.linkedin.com/in/iramar
> skype: ricardo.iramar
> twitter: ricardo_iramar
> "Yesterday is history, tomorrow is a mystery, but today is a gift. That is
> why it is called the present."
>



-- 
Ricardo Iramar dos Santos
http://ricardo-iramar.com
https://www.linkedin.com/in/iramar
skype: ricardo.iramar
twitter: ricardo_iramar
"Yesterday is history, tomorrow is a mystery, but today is a gift. That is
why it is called the present."