Writing Custom Scripts for OWASP Zed Attack Proxy
Do you want to automate your web security activities? Learn to write custom scripts with OWASP ZAP to detect and guard against application-specific vulnerabilities while building security into the software.
What you'll learn
Software delivery is becoming faster than ever, and security is always trying to catch up with DevOps. Automated tools have proven to aid with rapid identification of security bugs, but it gets challenging when automated assessments aren't customized to an application's context. In this course, Writing Custom Scripts for OWASP Zed Attack Proxy, you will gain the ability to extend your dynamic application security assessments through the power of custom scripts. First, you will learn the various extension points in OWASP ZAP through the supported scripting types and scripting languages. Next, you will discover how to tackle some of the everyday challenges, from effectively communicating security bugs to scripting complicated authentications for automated vulnerability assessments. Finally, you will explore how to identify common vulnerabilities specific to your application's context and guard against those vulnerabilities coming up again. When you are finished with this course, you will have the skills and knowledge of writing custom security scripts needed to incorporate essential DevSecOps activities.
Table of contents
- Three Important Components of Web Scanning 3m
- Information Exposure Vulnerability 5m
- Default Active Scan and Passive Scan Rules 3m
- Writing a Passive Scan Script to Find Leaking IBANs 7m
- Raising Alerts with Different Arguments 6m
- Running an Active Scan Script to Detect Insecure HTTP Verbs 9m
- Summary 2m
- Module Overview 1m
- Extreme Programming Rule and a Security Regression Test 3m
- OWASP ZAP and Security Regression Testing 2m
- Regressing an XSS Vulnerability 9m
- Regressing an Unvalidated Redirect Vulnerability 5m
- Running Scripts from Command Line with Standalone ZEST Runner 5m
- HTTP Sender Script to Merge Multiple Cookie Headers 8m
- Running Standalone ZEST Scripts 2m