0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Zed Attack Proxy Cookbook

You're reading from Zed Attack Proxy Cookbook Hacking tactics, techniques, and procedures for testing web applications and APIs

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781801817332

Length 284 pages

Edition 1st Edition

Languages

Perl

Concepts

Penetration Testing

Authors (3):

Nestor Torres

Ahmed Almoailu

Ryan Soper

View More author details

Table of Contents (14) Chapters

Preface

1. Chapter 1: Getting Started with OWASP Zed Attack Proxy

2. Chapter 2: Navigating the UI FREE CHAPTER

3. Chapter 3: Configuring, Crawling, Scanning, and Reporting

4. Chapter 4: Authentication and Authorization Testing

5. Chapter 5: Testing of Session Management

6. Chapter 6: Validating (Data) Inputs – Part 1

7. Chapter 7: Validating (Data) Inputs – Part 2

8. Chapter 8: Business Logic Testing

9. Chapter 9: Client-Side Testing

10. Chapter 10: Advanced Attack Techniques

11. Chapter 11: Advanced Adventures with ZAP

12. Index

Why subscribe?

13. Other Books You May Enjoy

How to use the ZAP GUI local API to scan a target

The ZAP API scan is a script included with the ZAP Docker images. It is optimized to scan APIs specified by OpenAPI, SOAP, or GraphQL through a local file or a URL. It imports the definition you give and then does an active scan of the URLs discovered. The ZAP API makes it possible to incorporate ZAP features into scripts and applications. In this recipe, we will walk through downloading the ZAP Docker image and then running it to scan against the Juice-Shop URL.

Getting ready

Docker will need to be installed as well as the ZAP Docker image. Be sure that the ZAP image is able to intercept requests and responses from the server to your browser. We will also be using the command line to run the image and kick off spidering and scanning. OWASP ZAP Desktop will also be needed:

https://www.docker.com/products/docker-desktop

How to do it…

ZAP API-based effective automated analysis can assist in identifying emerging flaws...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (4)

Ryan Soper

Ryan Soper

Ryan Soper is a lead penetration tester, senior application security engineer, and veteran of the US Coast Guard. His experience includes penetration testing, application security, and IT consulting, among more, throughout his career. He's an active member and organizer of the DefCon813 chapter, a member of the OWASP Tampa chapter, and enjoys connecting with others throughout the community at conferences or other various networking events. He can be contacted at ryans.wapt at gmail.com or followed on Twitter at soapszzz. Ryan is an ambassador for the Innocent Lives Foundation (ILF), a group of hackers that work with law enforcement to protect children from online predators. Your support will help the team to continue their important work. I urge you to consider making a donation to the ILF at innocentlivesfoundation.org/donate/.

See other products by Ryan Soper

Nestor Torres

Nestor Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor Torres

Ahmed Almoailu

Ahmed Almoailu

Ahmed Almoailu is a cyber security engineer with years of experience in vulnerability management, risk management, network security, cloud security, and endpoint security. He has a Master of Science in Cybersecurity and a Bachelor of Science in computer information systems from Saint Leo University and is currently working in healthcare. He is a member of the DefCon813 chapter and participates in security events in the community. Ahmed holds CASP+, Security+, Certified Ethical Hacker (CEH), eJPT, and AWS Cloud Practitioner certifications.

See other products by Ahmed Almoailu

Nestor N Torres

Nestor N Torres

Nestor N Torres is a senior application security engineer and web application penetration tester. His experience includes application security, IT consulting, penetration testing, and mobile penetration testing. He is an active member and organizer of the DefCon813 chapter and OWASP Tampa chapter, who enjoys helping new colleagues interested in joining the cyber security field. You can find him at his local BSides in Orlando and Tampa and other conferences such as Defcon and OWASP events. He can be contacted on Twitter at n3stortorres.

See other products by Nestor N Torres

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m