0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Zed Attack Proxy Cookbook

You're reading from Zed Attack Proxy Cookbook Hacking tactics, techniques, and procedures for testing web applications and APIs

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781801817332

Length 284 pages

Edition 1st Edition

Languages

Perl

Concepts

Penetration Testing

Authors (3):

Nestor Torres

Ahmed Almoailu

Ryan Soper

View More author details

Table of Contents (14) Chapters

Preface

1. Chapter 1: Getting Started with OWASP Zed Attack Proxy

2. Chapter 2: Navigating the UI FREE CHAPTER

3. Chapter 3: Configuring, Crawling, Scanning, and Reporting

4. Chapter 4: Authentication and Authorization Testing

5. Chapter 5: Testing of Session Management

6. Chapter 6: Validating (Data) Inputs – Part 1

7. Chapter 7: Validating (Data) Inputs – Part 2

8. Chapter 8: Business Logic Testing

9. Chapter 9: Client-Side Testing

10. Chapter 10: Advanced Attack Techniques

11. Chapter 11: Advanced Adventures with ZAP

12. Index

Why subscribe?

13. Other Books You May Enjoy

Utilizing ZAP DAST testing with Jenkins

Jenkins is an open source CI/CD technology that aids in the automation of the software development process. Jenkins allows developers to seamlessly merge code changes and automatically create, test, and deploy applications, making the software development process more efficient and dependable. Jenkins is extensively used by teams of all sizes to automate their software delivery processes, and it is easily customizable to meet the demands of each project. In this context, the OWASP ZAP is a Dynamic Application Security (DAST) vulnerability detection tool for web applications. It can be linked to a Jenkins pipeline to automate security testing as part of the CI/CD process.

Getting ready

This recipe requires the installation of Jenkins and Docker on an Ubuntu 22.04 virtual machine. Ensure Juice-Shop is running locally to scan against it.

Important note

If you are running Jenkins on a local system, you must offer access rights/permissions...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

Ryan Soper

Ryan Soper

Ryan Soper is a lead penetration tester, senior application security engineer, and veteran of the US Coast Guard. His experience includes penetration testing, application security, and IT consulting, among more, throughout his career. He's an active member and organizer of the DefCon813 chapter, a member of the OWASP Tampa chapter, and enjoys connecting with others throughout the community at conferences or other various networking events. He can be contacted at ryans.wapt at gmail.com or followed on Twitter at soapszzz. Ryan is an ambassador for the Innocent Lives Foundation (ILF), a group of hackers that work with law enforcement to protect children from online predators. Your support will help the team to continue their important work. I urge you to consider making a donation to the ILF at innocentlivesfoundation.org/donate/.

See other products by Ryan Soper

Nestor Torres

Nestor Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor Torres

Ahmed Almoailu

Ahmed Almoailu

Ahmed Almoailu is a cyber security engineer with years of experience in vulnerability management, risk management, network security, cloud security, and endpoint security. He has a Master of Science in Cybersecurity and a Bachelor of Science in computer information systems from Saint Leo University and is currently working in healthcare. He is a member of the DefCon813 chapter and participates in security events in the community. Ahmed holds CASP+, Security+, Certified Ethical Hacker (CEH), eJPT, and AWS Cloud Practitioner certifications.

See other products by Ahmed Almoailu

Nestor N Torres

Nestor N Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor N Torres

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m