[Owasp-Recife] Fwd: [Owasp-community] Mapping Zap Attack Proxy (ZAP) Add-ons to test Owasp Top 10 Risks
caio.dias at owasp.org
Mon Oct 20 15:47:49 UTC 2014
For the folks who like to use ZAP.
Begin forwarded message:
On Saturday, Oct 18, 2014 at 18:55, Mariston <mariston at gmail.com>, wrote:
Hello, I was wondering if anyone has managed to map the ZAP add-ons to each one of the OWASP Top 10 risks. I have found an article which says I can test my web application mostly with automated tools, but there are many add-ons, including the ones in the marketplace: https://www.owasp.org/index.php/ZAPpingTheTop10
But this article only says I can do the job by using the "Active Scan Rules" and some manually, of course. I am willing to scan my application in an advanced way by selecting the add-ons corresponding to each risk. I would be glad if someone could enlighten me on this, thanks.
I am using the OWASP Top 10 (2013) and have mapped my tools according to the list below:
A1: Zed Attack Proxy (ZAP)
A2: Zed Attack Proxy (ZAP)
A3: Zed Attack Proxy (ZAP)
A4: Zed Attack Proxy (ZAP)
A6: Qualys SSL Server Test
A8: Zed Attack Proxy (ZAP)
A10: Zed Attack Proxy (ZAP)