[Owasp-Recife] Fwd: [Owasp-community] Mapping Zap Attack Proxy (ZAP) Add-ons to test Owasp Top 10 Risks​

Caio Dias caio.dias at owasp.org
Mon Oct 20 15:47:49 UTC 2014

Para a galera que gosta de usar o ZAP.

Caio Dias

Begin forwarded message:
On Saturday, Oct 18, 2014 at 18:55, Mariston <mariston at gmail.com>, wrote:

Hello, i was wondering if has anyone managed to map the ZAP Add-ons to each one of the Owasp Top 10 Risks. I have found an article which says i can test my web application mostly with automated tools, but there are many add-ons inluding the ones in the marketplace: https://www.owasp.org/index.php/ZAPpingTheTop10

But this article only says i can do the job by using the "Active Scan Rules" and some manually, of course. I am willing to scan my application in an advanced way by selecting the addons corresponding to each risk. I would be glad if someone could enlighten me on this, thanks.

I am using the Owas Top 10 (2013) and have mapped my tools according to the list bellow:

A1: Zed Attack Proxy (ZAP)
A2: Zed Attack Proxy (ZAP)
A3: Zed Attack Proxy (ZAP)
A4: Zed Attack Proxy (ZAP)
A5: OpenVAS
A6: Qualys SSL Server Test
A7: OpenVAS
A8: Zed Attack Proxy (ZAP)
A9: OpenVAS
A10: Zed Attack Proxy (ZAP)

Mariston Hanzen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20141020/7c884de0/attachment.html>

More information about the Owasp-recife mailing list