owasp zap screenshots - university of pennsylvaniaquestions and solutions as screenshots : owasp zap...

Report

Post on 27-Mar-2020

6 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

QuestionsandSolutionsasscreenshots:OWASPZAP

1. SettingZAPasanInterceptingproxyserver:Inoptionsmenuonhomepageofapplication,inlocalproxy,portnumbercanbechangedfortheproxy.

Innetworksettingofbrowser,proxyshouldbeenabled.

Inthehistorytab,alltherequests,responsescanbeseenwhenrequestsaremadethroughthebrowserthenandtheapplicationactsasaproxylisteningandrecordingalltherequests.Also,alertsandtagslikecookiescanbeseen.

Tocrawlawebsiteorlaunchactiveattacks,asamplewebapplicationwascreated.Thiswebapplicationrunsonjettyandisasimpleuserform

2. Crawlingyourwebapplication:Spideroptionisnowselectedafterrightclickingthewebapplication,whichcrawlsthewebsiteanddisplaysresults

Thesearetheresultsobtainedaftercrawling:

Optionsforcrawlinglikedepth,threadscanbesetupinoptionsmenu:

3. Activeattacksonwebapplicationtolookforunhandledalerts:Activescanwillscanthewebapplicationanddisplaypossiblealerts

Asexplainedintheslides,differentalertscanbecheckedinbottomleftcorner:

4. Fuzztestwebapplicationforaspecificparameter:SelectFuzztestingforyourwebapplication

Thenhighlighttheparameter,youwanttofuzzteston,likeinthebelowcaseitisusername,andselectaddpayload

Selectfilefuzzerandchoosedifferentfuzztestersavailable.Youcanchoosealltoperformextensivetestingorjustafewselectedpayloads

Youcanthenseetheresultsfordifferentpayloads.Requestsandresponsescanbeseen,anddifferentpayloadscanthusbetestedeasily.Reflectedstateindicatesthattheresponseincorrect,andthatpayloadishandledbytheapplication.

top related

automating owasp zap - devcseccon talk
Internet
building owasp zap using eclipse ide for java pen -testers
Documents
owasp 2013 limerick - zap: whats even newer
Technology
security project 2014 annual report -...
Documents
building owasp zap using eclipse ide for java…...
Documents
owasp 2015 appsec eu zap 2.4.0 and beyond
Internet
scripts that automate owasp zap as part of a continuous...
Technology
multi-step scanning in zap - technical university …....
Documents
an introduction to zap - owasp · • proxying via zap, and...
Documents
jenkins と owasp zap で自動診断
Technology
introduction to owasp zap overview...
Documents
seminario web 5 uso de owasp zap...seminario web 5 "uso de...
Documents
practical security testing for developers using owasp zap at...
Software
owasp zed attack proxyzed attack proxy simon bennetts owasp...
Documents
web testing with owasp zed application proxy (zap) testing...
Documents
n different strategies to automate owasp zap different...
Documents
nest kali linux tutorial: owasp zed attack...
Documents
herramientas libres para el análisis de vulnerabilidades...
Technology
creating owasp zap extensions and add-ons · creating owasp...
Documents
zap jenkins plugin 2 - owasp€¦ · zap jenkins plugin –...
Documents