The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.
In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:
* Handling single page and other ‘non standard’ apps
* Client side testing with Plug-n-Hack
* Advanced scanning options
* Contexts
* Fuzzing
* Scripting
* Zest - ZAP’s macro language
* Changing the source code
Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.

He is the OWASP Zed Attack Proxy Project Leader and works for Mozilla as part of the Security Team.