[Owasp-leaders] Courses using ZAP?

Ricardo Iramar dos Santos ricardo.iramar at owasp.org
Wed Aug 9 13:20:32 UTC 2017


Sorry... I didn't know that you work there. :)

On Wed, Aug 9, 2017 at 4:08 AM, psiinon <psiinon at gmail.com> wrote:

> We'd definitely be very interested to hear of how organisations are using
> ZAP.
> This one I already know about - I work for Mozilla in the Operation
> Security team, and that was one of my projects ;)
>
> Cheers,
>
> Simon
>
> On Tue, Aug 8, 2017 at 9:55 PM, Ricardo Iramar dos Santos <
> ricardo.iramar at owasp.org> wrote:
>
>> Hi Simon,
>>
>> Maybe you could include that Firefox project is using ZAP.
>>
>> https://wiki.mozilla.org/SecurityEngineering/Newsletter
>> Operations Security
>>
>>    - We completed the implementation of API Scanning with ZAP
>>    <https://zaproxy.blogspot.co.uk/2017/06/scanning-apis-with-zap.html>,
>>    to automate vulnerability scanning of our services by leveraging OpenAPI
>>    definitions.
>>
>>
>> On Fri, Aug 4, 2017 at 6:40 PM, Ricardo Iramar dos Santos <
>> ricardo.iramar at owasp.org> wrote:
>>
>>> Not sure about other SANS trainings but I'm sure that "SEC542: Web App
>>> Penetration Testing and Ethical Hacking" uses ZAP because I did.
>>>
>>> https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
>>> SEC542.3: Web Penetration Testing and Ethical Hacking: Injection
>>> Overview
>>>
>>> This section continues to explore our methodology with the discovery
>>> phase. We build on the information identified during the mapping phase,
>>> exploring methods to find and verify vulnerabilities within the
>>> application. Students also begin to explore the interactions between the
>>> various vulnerabilities.
>>>
>>> This course day dives deeply into vital manual testing techniques for
>>> vulnerability discovery. To facilitate manual testing, we kick off the day
>>> with an introduction to Python and a hands-on lab working with it.
>>>
>>> In addition to custom scripts, we focus on developing in-depth knowledge
>>> of interception proxies for web application vulnerability discovery. A
>>> highlight of the day involves spending significant time working with both
>>> traditional and blind SQL injection flaws.
>>>
>>> Throughout the discovery phase, we will explore both manual and
>>> automated methods of discovering vulnerabilities within applications and
>>> discuss the circumstances under which each is appropriate.
>>>
>>> CPE/CMU Credits: 6
>>>
>>> Topics
>>>
>>> Python for web app penetration testing
>>> Web app vulnerabilities and manual verification techniques
>>> Interception proxies
>>> Zed Attack Proxy (ZAP)
>>> Burp Suite...
>>>
>>> On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> Leaders,
>>>>
>>>> Please let me know if you know of any courses (university or otherwise)
>>>> that make use of ZAP.
>>>> We're working on a new ZAP homepage and would love to list as many
>>>> relevant courses as possible. Commercial courses are fine too, we are just
>>>> going to list them, not endorse them ;)
>>>> We've always intended ZAP to be an ideal tool for students, so it would
>>>> be good to hear if that's really the case.
>>>>
>>>> Please reply to just me to avoid spamming the group (unless you want to
>>>> say something to everyone of course), and if you know of courses using
>>>> other OWASP tools then I'm sure the relevant project leaders would like to
>>>> hear about them too.
>>>> We all tend to only ever hear about the problems, not the success
>>>> stories!
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> Ricardo Iramar dos Santos
>>> http://ricardo-iramar.com
>>> https://www.linkedin.com/in/iramar
>>> skype: ricardo.iramar
>>> twitter: ricardo_iramar
>>> "Yesterday is history, tomorrow is a mystery, but today is a gift. That
>>> is why it is called the present."
>>>
>>
>>
>>
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>


