0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Zed Attack Proxy Cookbook

You're reading from Zed Attack Proxy Cookbook Hacking tactics, techniques, and procedures for testing web applications and APIs

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781801817332

Length 284 pages

Edition 1st Edition

Languages

Perl

Concepts

Penetration Testing

Authors (3):

Nestor Torres

Ahmed Almoailu

Ryan Soper

View More author details

Table of Contents (14) Chapters

Preface

1. Chapter 1: Getting Started with OWASP Zed Attack Proxy

2. Chapter 2: Navigating the UI FREE CHAPTER

3. Chapter 3: Configuring, Crawling, Scanning, and Reporting

4. Chapter 4: Authentication and Authorization Testing

5. Chapter 5: Testing of Session Management

6. Chapter 6: Validating (Data) Inputs – Part 1

7. Chapter 7: Validating (Data) Inputs – Part 2

8. Chapter 8: Business Logic Testing

9. Chapter 9: Client-Side Testing

10. Chapter 10: Advanced Attack Techniques

11. Chapter 11: Advanced Adventures with ZAP

12. Index

Why subscribe?

13. Other Books You May Enjoy

Test for process timing

Process timing test is a type of business logic testing that focuses on finding flows in how applications accomplish certain processes, such as authentication. In the process timing testing, the tester looks at how long it takes the application to process valid versus invalid inputs or actions. The tester validates that an attacker is unable to determine the behavior of an application based on the time it takes the application to finish an action. In the authentication example, by monitoring the process timing, based on the timing variation between entering valid credentials versus invalid credentials, an attacker can determine whether the credentials are valid without having to depend on the GUI.

Getting ready

For this recipe, you will need to start PortSwigger’s Username enumerations via response timing lab and ensure that ZAP is intercepting traffic between the lab application and your browser.

How to do it…

The following step-by...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at AU $24.99/month. Cancel anytime

Authors (4)

Ryan Soper

Ryan Soper

Ryan Soper is a lead penetration tester, senior application security engineer, and veteran of the US Coast Guard. His experience includes penetration testing, application security, and IT consulting, among more, throughout his career. He's an active member and organizer of the DefCon813 chapter, a member of the OWASP Tampa chapter, and enjoys connecting with others throughout the community at conferences or other various networking events. He can be contacted at ryans.wapt at gmail.com or followed on Twitter at soapszzz. Ryan is an ambassador for the Innocent Lives Foundation (ILF), a group of hackers that work with law enforcement to protect children from online predators. Your support will help the team to continue their important work. I urge you to consider making a donation to the ILF at innocentlivesfoundation.org/donate/.

See other products by Ryan Soper

Nestor Torres

Nestor Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor Torres

Ahmed Almoailu

Ahmed Almoailu

Ahmed Almoailu is a cyber security engineer with years of experience in vulnerability management, risk management, network security, cloud security, and endpoint security. He has a Master of Science in Cybersecurity and a Bachelor of Science in computer information systems from Saint Leo University and is currently working in healthcare. He is a member of the DefCon813 chapter and participates in security events in the community. Ahmed holds CASP+, Security+, Certified Ethical Hacker (CEH), eJPT, and AWS Cloud Practitioner certifications.

See other products by Ahmed Almoailu

Nestor N Torres

Nestor N Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor N Torres

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m