[Owasp-Recife] Fwd: [Owasp-community] Mapping Zap Attack Proxy (ZAP) Add-ons to test Owasp Top 10 Risks

Julio CESAR juliothecesar at gmail.com
Mon Oct 20 21:38:41 UTC 2014


Good to know that all of this can be done with ZAP.

A big hug!

> On 20/10/2014, at 12:47, Caio Dias <caio.dias at owasp.org> wrote:
> 
> For the folks who like using ZAP.
> 
> 
> Caio Dias about.me/caiodias
> 
> Begin forwarded message:
>> On Saturday, Oct 18, 2014 at 18:55, Mariston <mariston at gmail.com>, wrote:
>> 
>> Hello, I was wondering if anyone has managed to map the ZAP add-ons to each one of the OWASP Top 10 risks. I have found an article which says I can test my web application mostly with automated tools, but there are many add-ons, including the ones in the marketplace: https://www.owasp.org/index.php/ZAPpingTheTop10
>> 
>> But this article only says I can do the job by using the "Active Scan Rules" and some manually, of course. I am willing to scan my application in an advanced way by selecting the add-ons corresponding to each risk. I would be glad if someone could enlighten me on this, thanks.
>> 
>> I am using the OWASP Top 10 (2013) and have mapped my tools according to the list below:
>> 
>> A1: Zed Attack Proxy (ZAP)
>> A2: Zed Attack Proxy (ZAP)
>> A3: Zed Attack Proxy (ZAP)
>> A4: Zed Attack Proxy (ZAP)
>> A5: OpenVAS
>> A6: Qualys SSL Server Test
>> A7: OpenVAS
>> A8: Zed Attack Proxy (ZAP)
>> A9: OpenVAS
>> A10: Zed Attack Proxy (ZAP)
>> 
>> --
>> Mariston Hanzen