[Owasp-leaders] Courses using ZAP?

Sherif Mansour sherif.mansour at owasp.org
Sat Sep 30 07:44:16 UTC 2017


Hey Sam, I think Southampton University does that?! I can check.

On Wed, 9 Aug 2017 at 2:21 pm, Ricardo Iramar dos Santos <
ricardo.iramar at owasp.org> wrote:

> Sorry... I didn't know that you work there. :)
>
> On Wed, Aug 9, 2017 at 4:08 AM, psiinon <psiinon at gmail.com> wrote:
>
>> We'd definitely be very interested to hear of how organisations are using
>> ZAP.
>> This one I already know about - I work for Mozilla in the Operation
>> Security team, and that was one of my projects ;)
>>
>> Cheers,
>>
>> Simon
>>
>> On Tue, Aug 8, 2017 at 9:55 PM, Ricardo Iramar dos Santos <
>> ricardo.iramar at owasp.org> wrote:
>>
>>> Hi Simon,
>>>
>>> Maybe you could include that Firefox project is using ZAP.
>>>
>>> https://wiki.mozilla.org/SecurityEngineering/Newsletter
>>> Operations Security
>>>
>>>    - We completed the implementation of API Scanning with ZAP
>>>    <https://zaproxy.blogspot.co.uk/2017/06/scanning-apis-with-zap.html>,
>>>    to automate vulnerability scanning of our services by leveraging OpenAPI
>>>    definitions.
>>>
>>>
>>> On Fri, Aug 4, 2017 at 6:40 PM, Ricardo Iramar dos Santos <
>>> ricardo.iramar at owasp.org> wrote:
>>>
>>>> Not sure about other SANS trainings but I'm sure that "SEC542: Web App
>>>> Penetration Testing and Ethical Hacking" uses ZAP because I did.
>>>>
>>>> https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
>>>> SEC542.3: Web Penetration Testing and Ethical Hacking: Injection
>>>> Overview
>>>>
>>>> This section continues to explore our methodology with the discovery
>>>> phase. We build on the information identified during the mapping phase,
>>>> exploring methods to find and verify vulnerabilities within the
>>>> application. Students also begin to explore the interactions between the
>>>> various vulnerabilities.
>>>>
>>>> This course day dives deeply into vital manual testing techniques for
>>>> vulnerability discovery. To facilitate manual testing, we kick off the day
>>>> with an introduction to Python and a hands-on lab working with it.
>>>>
>>>> In addition to custom scripts, we focus on developing in-depth
>>>> knowledge of interception proxies for web application vulnerability
>>>> discovery. A highlight of the day involves spending significant time
>>>> working with both traditional and blind SQL injection flaws.
>>>>
>>>> Throughout the discovery phase, we will explore both manual and
>>>> automated methods of discovering vulnerabilities within applications and
>>>> discuss the circumstances under which each is appropriate.
>>>>
>>>> CPE/CMU Credits: 6
>>>>
>>>> Topics
>>>>
>>>> Python for web app penetration testing
>>>> Web app vulnerabilities and manual verification techniques
>>>> Interception proxies
>>>> Zed Attack Proxy (ZAP)
>>>> Burp Suite...
>>>>
>>>> On Fri, Aug 4, 2017 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Leaders,
>>>>>
>>>>> Please let me know if you know of any courses (university or
>>>>> otherwise) that make use of ZAP.
>>>>> We're working on a new ZAP homepage and would love to list as many
>>>>> relevant courses as possible. Commercial courses are fine too, we are just
>>>>> going to list them, not endorse them ;)
>>>>> We've always intended ZAP to be an ideal tool for students, so it
>>>>> would be good to hear if that's really the case.
>>>>>
>>>>> Please reply to just me to avoid spamming the group (unless you want
>>>>> to say something to everyone of course), and if you know of courses using
>>>>> other OWASP tools then I'm sure the relevant project leaders would like to
>>>>> hear about them too.
>>>>> We all tend to only ever hear about the problems, not the success
>>>>> stories!
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Ricardo Iramar dos Santos
>>>> http://ricardo-iramar.com
>>>> https://www.linkedin.com/in/iramar
>>>> skype: ricardo.iramar
>>>> twitter: ricardo_iramar
>>>> "Yesterday is history, tomorrow is a mystery, but today is a gift. That
>>>> is why it is called the present."
>>>>
>>>
>>
>
-- 

Sherif Mansour
OWASP London Chapter Leader
sherif.mansour at owasp.org
https://www.owasp.org/index.php/London
Follow OWASP London Chapter on Twitter: @owasplondon
<https://twitter.com/OWASPLondon>
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-london