[Owasp-leaders] Courses using ZAP?

psiinon psiinon at gmail.com
Wed Aug 9 07:08:20 UTC 2017


We'd definitely be very interested to hear of how organisations are using
ZAP.
This one I already know about - I work for Mozilla in the Operation
Security team, and that was one of my projects ;)

Cheers,

Simon

On Tue, Aug 8, 2017 at 9:55 PM, Ricardo Iramar dos Santos <
ricardo.iramar at owasp.org> wrote:

> Hi Simon,
>
> Maybe you could include that Firefox project is using ZAP.
>
> https://wiki.mozilla.org/SecurityEngineering/Newsletter
> Operations Security
>
>    - We completed the implementation of API Scanning with ZAP
>    <https://zaproxy.blogspot.co.uk/2017/06/scanning-apis-with-zap.html>,
>    to automate vulnerability scanning of our services by leveraging OpenAPI
>    definitions.
>
>
> On Fri, Aug 4, 2017 at 6:40 PM, Ricardo Iramar dos Santos <
> ricardo.iramar at owasp.org> wrote:
>
>> Not sure about other SANS trainings but I'm sure that "SEC542: Web App
>> Penetration Testing and Ethical Hacking" uses ZAP because I did.
>>
>> https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
>> SEC542.3: Web Penetration Testing and Ethical Hacking: Injection
>> Overview
>>
>> This section continues to explore our methodology with the discovery
>> phase. We build on the information identified during the mapping phase,
>> exploring methods to find and verify vulnerabilities within the
>> application. Students also begin to explore the interactions between the
>> various vulnerabilities.
>>
>> This course day dives deeply into vital manual testing techniques for
>> vulnerability discovery. To facilitate manual testing, we kick off the day
>> with an introduction to Python and a hands-on lab working with it.
>>
>> In addition to custom scripts, we focus on developing in-depth knowledge
>> of interception proxies for web application vulnerability discovery. A
>> highlight of the day involves spending significant time working with both
>> traditional and blind SQL injection flaws.
>>
>> Throughout the discovery phase, we will explore both manual and automated
>> methods of discovering vulnerabilities within applications and discuss the
>> circumstances under which each is appropriate.
>>
>> CPE/CMU Credits: 6
>>
>> Topics
>>
>> Python for web app penetration testing
>> Web app vulnerabilities and manual verification techniques
>> Interception proxies
>> Zed Attack Proxy (ZAP)
>> Burp Suite...
>>
>> On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Leaders,
>>>
>>> Please let me know if you know of any courses (university or otherwise)
>>> that make use of ZAP.
>>> We're working on a new ZAP homepage and would love to list as many
>>> relevant courses as possible. Commercial courses are fine too, we are just
>>> going to list them, not endorse them ;)
>>> We've always intended ZAP to be an ideal tool for students, so it would
>>> be good to hear if that's really the case.
>>>
>>> Please reply to just me to avoid spamming the group (unless you want to
>>> say something to everyone of course), and if you know of courses using
>>> other OWASP tools then I'm sure the relevant project leaders would like to
>>> hear about them too.
>>> We all tend to only ever hear about the problems, not the success
>>> stories!
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>>
>>
>>
>> --
>> Ricardo Iramar dos Santos
>> http://ricardo-iramar.com
>> https://www.linkedin.com/in/iramar
>> skype: ricardo.iramar
>> twitter: ricardo_iramar
>> "Yesterday is history, tomorrow is a mystery, but today is a gift. That
>> is why it is called the present."
>>



-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader