Recently, I had an opportunity to work alongside my excellent teammates from Triad and the Department for Transport (DfT) as a QA practice lead, developing the new Manage Motor Fuel Greenhouse Gas Emissions service for GOV.UK.

For this project, we wanted to strengthen our in-house penetration testing (pen test) capability to enable us to prove the security of our web application from the outset, rather than having to wait for the results of our independent pen test towards the end of development.

Being relatively new to penetration testing, we wanted to choose a tool that was easy to set up and could find as many vulnerabilities as possible. Having considered several free and paid tools, we chose OWASP Zed Attack Proxy (ZAP) due to reasons given above and expanded on below.

In this article, I will demonstrate how to set up and use OWASP ZAP to test the security of a typical web application.

Before I continue, I feel obligated to warn you that you should use this tool only with an application you’re hosting yourself, or one you’ve been given explicit permission to test, as ZAP attempts to modify data and insert malicious scripts in the web application.

The Open Web Application Security Project (OWASP) is an open, online community that creates methodologies, tools, technologies and guidance on how to deliver secure web applications. It is an international collaborative initiative comprised of both individuals and corporations. The project aims to standardise security approaches in web development and spread associated knowledge.